diff --git a/nginx/.SRCINFO b/nginx/.SRCINFO new file mode 100644 index 0000000000..b7cf12011f --- /dev/null +++ b/nginx/.SRCINFO @@ -0,0 +1,58 @@ +pkgbase = nginx + pkgdesc = Lightweight HTTP server and IMAP/POP3 proxy server + pkgver = 1.26.1 + pkgrel = 1 + url = https://nginx.org + arch = x86_64 + license = BSD-2-Clause + checkdepends = perl + checkdepends = perl-gd + checkdepends = perl-io-socket-ssl + checkdepends = perl-fcgi + checkdepends = perl-cache-memcached + checkdepends = perl-cryptx + checkdepends = memcached + checkdepends = ffmpeg + checkdepends = coreutils + makedepends = mercurial + makedepends = pcre2 + makedepends = zlib + makedepends = openssl + makedepends = geoip + makedepends = mailcap + makedepends = libxcrypt + source = https://nginx.org/download/nginx-1.26.1.tar.gz + source = https://nginx.org/download/nginx-1.26.1.tar.gz.asc + source = hg+https://hg.nginx.org/nginx-tests#revision=2a607a31f583add7adfa1ac434a3f793d327ca6b + source = nginx.service + source = logrotate + validpgpkeys = B0F4253373F8F6F510D42178520A9993A1C052F8 + validpgpkeys = 43387825DDB1BB97EC36BA5D007C8D7C15D87369 + validpgpkeys = D6786CE303D9A9022998DC6CC8464D549AF75C0A + validpgpkeys = 13C82A63B603576156E30A4EA0EA981B66B0D967 + sha512sums = dfaadde78eb5cf8c8c3a43ead9ac49fc852c8de3e70e69754e3ffafc88c50c8bc08cdac0cc0ba8a9d8c155bdb334865e2e6c7dc1144c79959c426a9e087b3e37 + sha512sums = SKIP + sha512sums = 2c1efc38f4d36c10e7d13bb48e035246215c33213e42d733ef0c1bbbdbce71777b2430247d1c1fe922e03d10ce53c05fe555bd9fea547658e6c6d763af8d8b93 + sha512sums = f469b3b14def666e955abf6f2d3c68a47631cad7bee90c92039ffe5bf629aa7e32bb4250844d52c0f963740fb07bf7fea5f8887cc1d5199403f07be6214fcb8d + sha512sums = 2f4dfcfa711b8bcbc5918ba635f5e430ef7132e66276261ade62bb1cba016967432c8dce7f84352cb8b07dc7c6b18f09177aa3eb92c8e358b2a106c8ca142fe9 + +pkgname = nginx + depends = glibc + depends = pcre2 + depends = zlib + depends = openssl + depends = geoip + depends = mailcap + depends = libxcrypt + backup = etc/nginx/fastcgi.conf + backup = etc/nginx/fastcgi_params + backup = etc/nginx/koi-win + backup = etc/nginx/koi-utf + backup = etc/nginx/nginx.conf + backup = etc/nginx/scgi_params + backup = etc/nginx/uwsgi_params + backup = etc/nginx/win-utf + backup = etc/logrotate.d/nginx + +pkgname = nginx-src + pkgdesc = Source code of nginx 1.26.1, useful for building modules diff --git a/nginx/.nvchecker.toml b/nginx/.nvchecker.toml new file mode 100644 index 0000000000..3b8da2e2ba --- /dev/null +++ b/nginx/.nvchecker.toml @@ -0,0 +1,4 @@ +[nginx] +source = "regex" +url = "https://nginx.org/en/download.html" +regex = "Stable version.+nginx-([0-9\\.]+).tar.gz.+Legacy versions" diff --git a/nginx/PKGBUILD b/nginx/PKGBUILD index 6c92abeb7d..b4a098373f 100644 --- a/nginx/PKGBUILD +++ b/nginx/PKGBUILD @@ -1,6 +1,5 @@ # POWER Maintainer: Alexander Baldeck # Maintainer: Levente Polyak -# Maintainer: T.J. Townsend # Maintainer: Massimiliano Torromeo # Contributor: Bartłomiej Piotrowski # Contributor: Sébastien Luttringer @@ -10,25 +9,18 @@ pkgbase=nginx pkgname=(nginx nginx-src) -pkgver=1.26.0 -pkgrel=3 +pkgver=1.26.2 +pkgrel=1 +_tests_commit=2a607a31f583add7adfa1ac434a3f793d327ca6b arch=(x86_64 powerpc64le powerpc64 powerpc riscv64) +pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' url='https://nginx.org' -license=(custom) +license=(BSD-2-Clause) makedepends=(mercurial pcre2 zlib openssl geoip mailcap libxcrypt) checkdepends=(perl perl-gd perl-io-socket-ssl perl-fcgi perl-cache-memcached - memcached ffmpeg) -backup=(etc/nginx/fastcgi.conf - etc/nginx/fastcgi_params - etc/nginx/koi-win - etc/nginx/koi-utf - etc/nginx/nginx.conf - etc/nginx/scgi_params - etc/nginx/uwsgi_params - etc/nginx/win-utf - etc/logrotate.d/nginx) + perl-cryptx memcached ffmpeg coreutils) source=($url/download/nginx-$pkgver.tar.gz{,.asc} - hg+https://hg.nginx.org/nginx-tests + "hg+https://hg.nginx.org/nginx-tests#revision=${_tests_commit}" nginx.service logrotate) # https://nginx.org/en/pgp_keys.html @@ -36,10 +28,10 @@ validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8' # Maxim Dounin 'D6786CE303D9A9022998DC6CC8464D549AF75C0A' # Sergey Kandaurov '13C82A63B603576156E30A4EA0EA981B66B0D967') # Konstantin Pavlov -sha512sums=('1f604a4a29f1b74eb56de7f1d8b0e5610fa055280b4ad2d3550c56926460de24da81b17485cffb358d8814061d4a9db1e0e5079af7921f1dc329e283e2775791' +sha512sums=('470efe9ae5d6150ecbf133979c6c36415679a2156499a3b6820a85eb8f3038a8aa06f7b28ddd834cffb0e982f3ddc89e4b1649d536eba4f84019a72d4cfa3539' 'SKIP' - 'SKIP' - 'ca7d8666177d31b6c4924e9ab44ddf3d5b596b51da04d38da002830b03bd176d49354bbdd2a496617d57f44111ad59833296af87d03ffe3fca6b99327a7b4c3c' + '2c1efc38f4d36c10e7d13bb48e035246215c33213e42d733ef0c1bbbdbce71777b2430247d1c1fe922e03d10ce53c05fe555bd9fea547658e6c6d763af8d8b93' + 'f469b3b14def666e955abf6f2d3c68a47631cad7bee90c92039ffe5bf629aa7e32bb4250844d52c0f963740fb07bf7fea5f8887cc1d5199403f07be6214fcb8d' '2f4dfcfa711b8bcbc5918ba635f5e430ef7132e66276261ade62bb1cba016967432c8dce7f84352cb8b07dc7c6b18f09177aa3eb92c8e358b2a106c8ca142fe9') _common_flags=( @@ -75,9 +67,6 @@ _common_flags=( --with-threads ) -_stable_flags=( -) - prepare() { cp -r $pkgbase-$pkgver{,-src} } @@ -102,20 +91,29 @@ build() { --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ --with-cc-opt="$CFLAGS $CPPFLAGS" \ --with-ld-opt="$LDFLAGS" \ - "${_common_flags[@]}" \ - "${_stable_flags[@]}" + "${_common_flags[@]}" make } check() { cd nginx-tests - TEST_NGINX_BINARY="$srcdir/$pkgbase-$pkgver/objs/nginx" prove . + local _jobs=$(nproc) + (( _jobs > 16 )) && _jobs=16 + TEST_NGINX_BINARY="$srcdir/$pkgbase-$pkgver/objs/nginx" prove -j "$_jobs" . } package_nginx() { - pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server' - depends=(pcre2 zlib openssl geoip mailcap libxcrypt) + depends=(glibc pcre2 zlib openssl geoip mailcap libxcrypt) + backup=(etc/nginx/fastcgi.conf + etc/nginx/fastcgi_params + etc/nginx/koi-win + etc/nginx/koi-utf + etc/nginx/nginx.conf + etc/nginx/scgi_params + etc/nginx/uwsgi_params + etc/nginx/win-utf + etc/logrotate.d/nginx) cd $pkgbase-$pkgver make DESTDIR="$pkgdir" install @@ -139,7 +137,7 @@ package_nginx() { install -Dm644 ../logrotate "$pkgdir"/etc/logrotate.d/nginx install -Dm644 ../nginx.service "$pkgdir"/usr/lib/systemd/system/nginx.service - install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgbase/LICENSE + install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE rmdir "$pkgdir"/run @@ -156,4 +154,5 @@ package_nginx-src() { install -d "$pkgdir/usr/src" cp -r $pkgbase-$pkgver-src "$pkgdir/usr/src/nginx" + install -Dm644 $pkgbase-$pkgver/LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE } diff --git a/nginx/README.md b/nginx/README.md new file mode 100644 index 0000000000..6465a9f3ca --- /dev/null +++ b/nginx/README.md @@ -0,0 +1,72 @@ +# NGINX Packaging + +## Overview + +Due to the nature of NGINX's module architecture, it is important to understand +the intricacies involved in maintaining compatibility across different +versions. + +## Dynamic Modules + +When we compile a dynamic module, the raw output is a shared object (.so +file). At startup and reload, NGINX loads each of the shared objects named by a +[load_module] directive (which by convention are in the main configuration file, +`nginx.conf`). + +Dynamic modules are binary‑compatible with the official builds of NGINX and +NGINX Plus. However, this binary compatibility has limitations. Dynamic modules +must be compiled against the same version of NGINX they are loaded into. This +means that upgrading NGINX without rebuilding all dynamic modules built against +the matching version results in a failure during load time. + +### Distro flags + +Due to the default configuration of the NGINX dynamic module `configure` +scripts and `Makefile`, our distribution's `LDFLAGS` are ignored. To address +this, the `configure` scripts accept a `--with-ld-opt` option, allowing you to +pass along our distribution's flags. Additionally, for dynamic modules +compatibility, the `--with-compat` option should always be used. + +```sh +/usr/src/nginx/configure \ + --with-compat \ + --with-ld-opt="${LDFLAGS}" \ + --add-dynamic-module=../modsecurity-nginx-v$pkgver +``` + +### Depending on nginx + +Taking the incompatibility into account, dynamic module packages should depend +on the exact nginx version used during compilation to avoid breakage after a +systen upgrade in case a rebuild has been missed. To achieve this, the dynamic +module packages should `makedepends` on `nginx` as well as in their respective +`package()` function add a `depends` on the precise `nginx` version: + +```sh +makedepends=( + nginx + nginx-src +) + +package() { + local _nginx_version=$(nginx -v 2>&1) + _nginx_version=${_nginx_version/* nginx\/} + depends+=("nginx=${_nginx_version}") +} +``` + +### Rebuilding packages + +The easiest way to find the rebuild targets is to lookout for dependencies on +the `nginx-src` split package, which contains the require source code for dynamic +modules to compile against. The rebuild targets can be double checked against the +[ArchWeb frontend]. + +Using `pkgctl` to get a list of packages having a makedepends on `nginx-src`: + +```sh +pkgctl search --json '"makedepends = nginx-src"' | jq --raw-output '.[].project_name' +``` + +[load_module]: https://nginx.org/en/docs/ngx_core_module.html#load_module +[ArchWeb frontend]: https://archlinux.org/packages/extra/x86_64/nginx-src/ diff --git a/nginx/nginx.service b/nginx/nginx.service index 633c3295b0..5a4e914c96 100644 --- a/nginx/nginx.service +++ b/nginx/nginx.service @@ -1,5 +1,5 @@ [Unit] -Description=A high performance web server and a reverse proxy server +Description=nginx web server After=network-online.target remote-fs.target nss-lookup.target Wants=network-online.target