Last active
October 14, 2017 16:30
-
-
Save pschichtel/40566f385fb61ad60295dbdf01656948 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| From 4eef7f0ccc4a721655eefc638976c311aaa12e73 Mon Sep 17 00:00:00 2001 | |
| From: Phillip Schichtel <phillip.public@schich.tel> | |
| Date: Sat, 14 Oct 2017 18:12:50 +0200 | |
| Subject: [PATCH] Update to latest nginx 1.13.6 and rtmp module 1.2.0 | |
| Additionally synced the PKGFILE with community/nginx-mainline | |
| --- | |
| .SRCINFO | 20 ++++++++++---------- | |
| PKGBUILD | 38 +++++++++++++++++++++++--------------- | |
| logrotate | 2 +- | |
| nginx.install | 29 ++++++++++------------------- | |
| service | 13 ++++++++----- | |
| 5 files changed, 52 insertions(+), 50 deletions(-) | |
| diff --git a/.SRCINFO b/.SRCINFO | |
| index d9eed2b..8820821 100644 | |
| --- a/.SRCINFO | |
| +++ b/.SRCINFO | |
| @@ -1,6 +1,8 @@ | |
| +# Generated by mksrcinfo v8 | |
| +# Sat Oct 14 16:27:34 UTC 2017 | |
| pkgbase = nginx-mainline-rtmp | |
| pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server, mainline-rtmp release | |
| - pkgver = 1.11.8 | |
| + pkgver = 1.13.6.1.2.0 | |
| pkgrel = 1 | |
| url = https://nginx.org | |
| install = nginx.install | |
| @@ -8,7 +10,6 @@ pkgbase = nginx-mainline-rtmp | |
| arch = x86_64 | |
| arch = armv7h | |
| license = custom | |
| - makedepends = hardening-wrapper | |
| depends = pcre | |
| depends = zlib | |
| depends = openssl | |
| @@ -26,19 +27,18 @@ pkgbase = nginx-mainline-rtmp | |
| backup = etc/nginx/win-utf | |
| backup = etc/logrotate.d/nginx | |
| backup = usr/share/nginx/html/crossdomain.xml | |
| - source = https://nginx.org/download/nginx-1.11.8.tar.gz | |
| - source = https://nginx.org/download/nginx-1.11.8.tar.gz.asc | |
| - source = https://github.com/arut/nginx-rtmp-module/archive/v1.1.10.tar.gz | |
| + source = https://nginx.org/download/nginx-1.13.6.tar.gz | |
| + source = https://nginx.org/download/nginx-1.13.6.tar.gz.asc | |
| + source = https://github.com/arut/nginx-rtmp-module/archive/v1.2.0.tar.gz | |
| source = service | |
| source = logrotate | |
| source = crossdomain.xml | |
| source = nginx.conf | |
| - validpgpkeys = B0F4253373F8F6F510D42178520A9993A1C052F8 | |
| - md5sums = 8f68f49b6db510e567bba9e0c271a3ac | |
| + md5sums = f84d3f782c168bfdfb734700e51a929f | |
| md5sums = SKIP | |
| - md5sums = 2e82501ed423a901ab64bfe2228a0666 | |
| - md5sums = ce9a06bcaf66ec4a3c4eb59b636e0dfd | |
| - md5sums = d6a6d4d819f03a675bacdfabd25aa37e | |
| + md5sums = 1a47951b64f3f726a9d4620774643759 | |
| + md5sums = ef491e760e7c1ffec9ca25441a150c83 | |
| + md5sums = 6a01fb17af86f03707c8ae60f98a2dc2 | |
| md5sums = 4d2e9c834fa2e60cd8b23185b93d2e2e | |
| md5sums = 35a9c62e780ab952fb89b613f0af97cd | |
| diff --git a/PKGBUILD b/PKGBUILD | |
| index 74b3134..ded51f0 100644 | |
| --- a/PKGBUILD | |
| +++ b/PKGBUILD | |
| @@ -4,16 +4,18 @@ | |
| # Contributor: Drew DeVault | |
| # Contributor: Florent Thiéry <fthiery@gmail.com> | |
| # Contributor: moparisthebest <admin dot archlinux AT moparisthebest dot com> | |
| +# Contributer: Phillip Schichtel <phillip@schich.tel> | |
| +_nginx_version=1.13.6 | |
| +_rtmp_version=1.2.0 | |
| pkgname=nginx-mainline-rtmp | |
| -pkgver=1.11.8 | |
| +pkgver="${_nginx_version}.${_rtmp_version}" | |
| pkgrel=1 | |
| pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline-rtmp release' | |
| arch=('i686' 'x86_64' 'armv7h') | |
| url='https://nginx.org' | |
| license=('custom') | |
| depends=('pcre' 'zlib' 'openssl' 'geoip') | |
| -makedepends=('hardening-wrapper') | |
| backup=('etc/nginx/fastcgi.conf' | |
| 'etc/nginx/fastcgi_params' | |
| 'etc/nginx/koi-win' | |
| @@ -28,18 +30,18 @@ backup=('etc/nginx/fastcgi.conf' | |
| install=nginx.install | |
| provides=('nginx') | |
| conflicts=('nginx') | |
| -source=($url/download/nginx-$pkgver.tar.gz{,.asc} | |
| - https://github.com/arut/nginx-rtmp-module/archive/v1.1.10.tar.gz | |
| +source=($url/download/nginx-${_nginx_version}.tar.gz{,.asc} | |
| + https://github.com/arut/nginx-rtmp-module/archive/v${_rtmp_version}.tar.gz | |
| service | |
| logrotate | |
| crossdomain.xml | |
| nginx.conf) | |
| validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin <mdounin@mdounin.ru> | |
| -md5sums=('8f68f49b6db510e567bba9e0c271a3ac' | |
| +md5sums=('f84d3f782c168bfdfb734700e51a929f' | |
| 'SKIP' | |
| - '2e82501ed423a901ab64bfe2228a0666' | |
| - 'ce9a06bcaf66ec4a3c4eb59b636e0dfd' | |
| - 'd6a6d4d819f03a675bacdfabd25aa37e' | |
| + '1a47951b64f3f726a9d4620774643759' | |
| + 'ef491e760e7c1ffec9ca25441a150c83' | |
| + '6a01fb17af86f03707c8ae60f98a2dc2' | |
| '4d2e9c834fa2e60cd8b23185b93d2e2e' | |
| '35a9c62e780ab952fb89b613f0af97cd') | |
| @@ -64,10 +66,14 @@ _common_flags=( | |
| --with-http_v2_module | |
| --with-mail | |
| --with-mail_ssl_module | |
| + --with-pcre-jit | |
| --with-stream | |
| + --with-stream_geoip_module | |
| + --with-stream_realip_module | |
| --with-stream_ssl_module | |
| + --with-stream_ssl_preread_module | |
| --with-threads | |
| - --add-module=../nginx-rtmp-module-1.1.10 | |
| + "--add-module=../nginx-rtmp-module-${_rtmp_version}" | |
| ) | |
| _mainline_flags=( | |
| @@ -77,7 +83,7 @@ _mainline_flags=( | |
| ) | |
| build() { | |
| - cd $provides-$pkgver | |
| + cd "$provides-${_nginx_version}" | |
| ./configure \ | |
| --prefix=/etc/nginx \ | |
| --conf-path=/etc/nginx/nginx.conf \ | |
| @@ -93,6 +99,8 @@ build() { | |
| --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ | |
| --http-scgi-temp-path=/var/lib/nginx/scgi \ | |
| --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ | |
| + --with-cc-opt="$CFLAGS $CPPFLAGS" \ | |
| + --with-ld-opt="$LDFLAGS" \ | |
| ${_common_flags[@]} \ | |
| ${_mainline_flags[@]} | |
| @@ -100,7 +108,7 @@ build() { | |
| } | |
| package() { | |
| - cd $provides-$pkgver | |
| + cd "$provides-${_nginx_version}" | |
| make DESTDIR="$pkgdir" install | |
| sed -e 's|\<user\s\+\w\+;|user html;|g' \ | |
| @@ -113,8 +121,8 @@ package() { | |
| install -d "$pkgdir"/var/lib/nginx | |
| install -dm700 "$pkgdir"/var/lib/nginx/proxy | |
| - chmod 750 "$pkgdir"/var/log/nginx | |
| - chown http:log "$pkgdir"/var/log/nginx | |
| + chmod 755 "$pkgdir"/var/log/nginx | |
| + chown root:root "$pkgdir"/var/log/nginx | |
| install -d "$pkgdir"/usr/share/nginx | |
| mv "$pkgdir"/etc/nginx/html/ "$pkgdir"/usr/share/nginx | |
| @@ -131,8 +139,8 @@ package() { | |
| gzip -9c man/nginx.8 > "$pkgdir"/usr/share/man/man8/nginx.8.gz | |
| for i in ftdetect indent syntax; do | |
| - install -Dm644 contrib/vim/${i}/nginx.vim \ | |
| - "${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim" | |
| + install -Dm644 contrib/vim/$i/nginx.vim \ | |
| + "$pkgdir/usr/share/vim/vimfiles/$i/nginx.vim" | |
| done | |
| } | |
| diff --git a/logrotate b/logrotate | |
| index 6fcf558..e0afbb9 100644 | |
| --- a/logrotate | |
| +++ b/logrotate | |
| @@ -5,6 +5,6 @@ | |
| sharedscripts | |
| compress | |
| postrotate | |
| - test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid` | |
| + test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid` | |
| endscript | |
| } | |
| diff --git a/nginx.install b/nginx.install | |
| index 7c4adf1..90d24a5 100644 | |
| --- a/nginx.install | |
| +++ b/nginx.install | |
| @@ -1,21 +1,12 @@ | |
| post_upgrade() { | |
| - if (( $(vercmp $2 1.2.7-4) <= 0 )); then | |
| - chmod 750 var/log/nginx | |
| - chown http:log var/log/nginx | |
| - fi | |
| - if (( $(vercmp $2 1.2.1-2) <= 0 )); then | |
| - echo ' >>> Since 1.2.1-2 several changes has been made in package:' | |
| - echo ' - *.conf files have been moved to /etc/nginx' | |
| - echo ' - /etc/conf.d/nginx has been removed' | |
| - echo ' Main configuration file is set to /etc/nginx/nginx.conf' | |
| - echo ' - access.log and error.log can be found in /var/log/nginx by default' | |
| - echo ' - bundled *.html files have been moved to /usr/share/nginx/html' | |
| - echo ' - /etc/nginx/{html,logs} symbolic links and *.default files have been removed' | |
| - fi | |
| - if (( $(vercmp $2 1.4.2-4) < 0 )); then | |
| - echo 'Nginx now includes only upstream bundled modules.' | |
| - echo 'Thus, passenger module support was dropped.' | |
| - fi | |
| -} | |
| + if (( $(vercmp $2 1.11.8-2) < 0)); then | |
| + chown root:root var/log/nginx | |
| + fi | |
| -# vim:set ts=4 sw=4 et: | |
| + if (( $(vercmp $2 1.11.9-2) < 0 )); then | |
| + chmod 755 var/log/nginx | |
| + echo ':: Security notice:' | |
| + echo ' - When additional log directories are used in /var/log/nginx make sure they' | |
| + echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247' | |
| + fi | |
| +} | |
| diff --git a/service b/service | |
| index 29d3aa8..365bc95 100644 | |
| --- a/service | |
| +++ b/service | |
| @@ -1,14 +1,17 @@ | |
| [Unit] | |
| Description=A high performance web server and a reverse proxy server | |
| -After=syslog.target network.target | |
| +After=network.target network-online.target nss-lookup.target | |
| [Service] | |
| Type=forking | |
| PIDFile=/run/nginx.pid | |
| -ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;' | |
| -ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' | |
| -ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload | |
| -ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit | |
| +PrivateDevices=yes | |
| +SyslogLevel=err | |
| + | |
| +ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;' | |
| +ExecReload=/usr/bin/nginx -s reload | |
| +KillSignal=SIGQUIT | |
| +KillMode=mixed | |
| [Install] | |
| WantedBy=multi-user.target | |
| -- | |
| 2.14.2 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment