X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=nginx.spec;h=0f24de2ce071c889dfccf4d6e16d0262abeb1cac;hb=7ce2935cc5ca3aa2ea15cd8707127c32b343fc22;hp=c6773d83a20990d44c6d2dfe3785d749920ef18a;hpb=2fb62cf2560b3e0ed86d11860527c7f6e496a9d1;p=packages%2Fnginx.git diff --git a/nginx.spec b/nginx.spec index c6773d8..0f24de2 100644 --- a/nginx.spec +++ b/nginx.spec @@ -16,18 +16,21 @@ %bcond_without rtsig # rtsig %bcond_without select # select %bcond_without spdy # spdy module -%bcond_without status # stats module +%bcond_without status # status module %bcond_without ssl # ssl support %bcond_with http_browser # header "User-agent" parser %bcond_with rtmp # rtmp support %bcond_with threads # thread pool support +%bcond_with debug # enable debug logging: http://nginx.org/en/docs/debugging_log.html %bcond_without auth_request # auth_request module +%bcond_with modsecurity # modsecurity module %ifarch x32 %undefine with_rtsig %endif %define rtmp_version 1.1.7 +%define modsecurity_version 2.9.0 Summary: High perfomance HTTP and reverse proxy server Summary(pl.UTF-8): Serwer HTTP i odwrotne proxy o wysokiej wydajności # nginx lines: @@ -35,7 +38,7 @@ Summary(pl.UTF-8): Serwer HTTP i odwrotne proxy o wysokiej wydajności # - mainline: production quality but API can change Name: nginx Version: 1.8.0 -Release: 2 +Release: 4 License: BSD-like Group: Networking/Daemons/HTTP Source0: http://nginx.org/download/%{name}-%{version}.tar.gz @@ -45,29 +48,28 @@ Source1: http://nginx.net/favicon.ico Source2: proxy.conf Source3: %{name}.logrotate Source4: %{name}.mime -Source5: %{name}-light.conf Source6: %{name}-light.monitrc -Source7: %{name}-light.init +Source7: %{name}.init Source8: %{name}-mail.conf Source9: %{name}-mail.monitrc -Source10: %{name}-mail.init -Source11: %{name}-perl.conf Source12: %{name}-perl.monitrc -Source13: %{name}-perl.init -Source14: %{name}-standard.conf +Source14: %{name}.conf Source15: %{name}-standard.monitrc -Source16: %{name}-standard.init Source17: %{name}-mime.types.sh Source18: %{name}-standard.service Source19: %{name}-light.service Source20: %{name}-perl.service Source21: %{name}-mail.service +Source22: http://www.modsecurity.org/tarball/%{modsecurity_version}/modsecurity-%{modsecurity_version}.tar.gz +# Source22-md5: ecf42d21f26338443d7111891851628c Source101: https://github.com/arut/nginx-rtmp-module/archive/v%{rtmp_version}/nginx-rtmp-module-%{rtmp_version}.tar.gz # Source101-md5: 8006de2560db3e55bb15d110220076ac Patch0: %{name}-no-Werror.patch +Patch1: %{name}-modsecurity-xheaders.patch URL: http://nginx.net/ +%{?with_modsecurity:BuildRequires: lua-devel} BuildRequires: mailcap -BuildRequires: openssl-devel +%{?with_ssl:BuildRequires: openssl-devel >= 1.0.2} BuildRequires: pcre-devel %{?with_perl:BuildRequires: perl-CGI} %{?with_perl:BuildRequires: perl-devel} @@ -108,11 +110,8 @@ Requires(pre): /bin/id Requires(pre): /usr/bin/getgid Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd -Requires: openssl -Requires: pcre Requires: rc-scripts >= 0.2.0 Requires: systemd-units >= 38 -Requires: zlib Provides: group(http) Provides: group(nginx) Provides: user(nginx) @@ -133,9 +132,7 @@ Group: Networking/Daemons/HTTP Requires(post,preun): /sbin/chkconfig Requires(post,preun,postun): systemd-units >= 38 Requires: %{name}-common = %{version}-%{release} -Requires: openssl -Requires: pcre -Requires: zlib +%{?with_ssl:Requires: openssl >= 1.0.2} Provides: nginx-daemon Provides: webserver @@ -170,7 +167,7 @@ Group: Networking/Daemons/HTTP Requires(post,preun): /sbin/chkconfig Requires(post,preun,postun): systemd-units >= 38 Requires: %{name}-common = %{version}-%{release} -Requires: openssl +%{?with_ssl:Requires: openssl >= 1.0.2} Provides: nginx-daemon Provides: webserver @@ -203,9 +200,6 @@ Group: Networking/Daemons/HTTP Requires(post,preun): /sbin/chkconfig Requires(post,preun,postun): systemd-units >= 38 Requires: %{name}-common = %{version}-%{release} -Requires: openssl -Requires: pcre -Requires: zlib Provides: nginx-daemon %description mail @@ -237,7 +231,7 @@ Group: Networking/Daemons/HTTP Requires(post,preun): /sbin/chkconfig Requires(post,preun,postun): systemd-units >= 38 Requires: %{name}-common = %{version}-%{release} -Requires: openssl +%{?with_ssl:Requires: openssl >= 1.0.2} Provides: nginx Provides: nginx-daemon Conflicts: logrotate < 3.7-4 @@ -288,8 +282,9 @@ monitrc file for monitoring nginx webserver. Plik monitrc do monitorowania serwera WWW nginx. %prep -%setup -q %{?with_rtmp:-a101} +%setup -q %{?with_rtmp:-a101} %{?with_modsecurity:-a22} %patch0 -p0 +%{?with_modsecurity:%patch1 -p0} %if %{with rtmp} mv nginx-rtmp-module-%{rtmp_version} nginx-rtmp-module @@ -304,41 +299,54 @@ cp -f configure auto/ install -d bin -# build with common options +# build with default options build() { + local type=$1; shift ./configure \ --prefix=%{_prefix} \ + --sbin-path=%{_sbindir}/%{name}-$type \ + --conf-path=%{_sysconfdir}/%{name}-$type.conf \ + --error-log-path=%{_localstatedir}/log/%{name}/%{name}-${type}_error.log \ + --http-log-path=%{_localstatedir}/log/%{name}/%{name}-${type}_access.log \ + --pid-path=%{_localstatedir}/run/%{name}-$type.pid \ + --lock-path=%{_localstatedir}/lock/subsys/%{name}-$type \ + --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-$type/client_body_temp \ + --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-$type/fastcgi_temp \ + --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-$type/proxy_temp \ --user=nginx \ --group=nginx \ + %{?with_ipv6:--with-ipv6} \ + %{?with_select:--with-select_module} \ + %{?with_poll:--with-poll_module} \ + %{?with_rtsig:--with-rtsig_module} \ --with-cc="%{__cc}" \ --with-cc-opt="%{rpmcflags}" \ --with-ld-opt="%{rpmldflags}" \ - %{?debug:--with-debug} \ + %{?with_debug:--with-debug} \ "$@" %{__make} } +%if %{with modsecurity} +cd modsecurity-%{modsecurity_version} +./autogen.sh +%configure \ + --enable-standalone-module \ + --disable-mlogc \ + --enable-alp2 \ + --with-lua=/usr +%{__make} +cd .. +%endif + %if %{with perl} -build \ - --sbin-path=%{_sbindir}/%{name}-perl \ - --conf-path=%{_sysconfdir}/%{name}-perl.conf \ - --error-log-path=%{_localstatedir}/log/%{name}/%{name}-perl_error.log \ - --http-log-path=%{_localstatedir}/log/%{name}/%{name}-perl_access.log \ - --pid-path=%{_localstatedir}/run/%{name}-perl.pid \ - --lock-path=%{_localstatedir}/lock/subsys/%{name}-perl \ +build perl \ --with-http_perl_module \ - --without-mail_pop3_module \ - --without-mail_imap_module \ - --without-mail_smtp_module \ %{?with_addition:--with-http_addition_module} \ %{?with_dav:--with-http_dav_module} \ %{?with_flv:--with-http_flv_module} \ - %{?with_ipv6:--with-ipv6} \ %{?with_sub:--with-http_sub_module} \ - %{?with_poll:--with-poll_module} \ %{?with_realip:--with-http_realip_module} \ - %{?with_rtsig:--with-rtsig_module} \ - %{?with_select:--with-select_module} \ %{?with_status:--with-http_stub_status_module} \ %{?with_ssl:--with-http_ssl_module} \ %{!?with_http_browser:--without-http_browser_module} \ @@ -347,9 +355,6 @@ build \ %{?with_threads:--with-threads} \ %{?with_spdy:--with-http_spdy_module} \ --with-http_secure_link_module \ - --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-perl/client_body_temp \ - --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-perl/proxy_temp \ - --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-perl/fastcgi_temp \ %{nil} mv -f objs/nginx bin/nginx-perl @@ -358,90 +363,50 @@ mv -f objs/src/http/modules/perl/nginx.pm bin/nginx.pm %endif %if %{with mail} -build \ - --sbin-path=%{_sbindir}/%{name}-mail \ - --conf-path=%{_sysconfdir}/%{name}-mail.conf \ - --error-log-path=%{_localstatedir}/log/%{name}/%{name}-mail_error.log \ - --http-log-path=%{_localstatedir}/log/%{name}/%{name}-mail_access.log \ - --pid-path=%{_localstatedir}/run/%{name}-mail.pid \ - --lock-path=%{_localstatedir}/lock/subsys/%{name}-mail \ +build mail \ + --without-http \ --with-imap \ --with-mail \ --with-mail_ssl_module \ - --without-http \ - %{?with_ipv6:--with-ipv6} \ - %{?with_poll:--with-poll_module} \ - %{?with_rtsig:--with-rtsig_module} \ - %{?with_select:--with-select_module} \ - --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-mail/client_body_temp \ - --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-mail/proxy_temp \ - --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-mail/fastcgi_temp \ %{nil} mv -f objs/nginx bin/nginx-mail %endif %if %{with light} -build \ - --sbin-path=%{_sbindir}/%{name}-light \ - --conf-path=%{_sysconfdir}/%{name}-light.conf \ - --error-log-path=%{_localstatedir}/log/%{name}/%{name}-light_error.log \ - --http-log-path=%{_localstatedir}/log/%{name}/%{name}-light_access.log \ - --pid-path=%{_localstatedir}/run/%{name}-light.pid \ - --lock-path=%{_localstatedir}/lock/subsys/%{name}-light \ - %{?with_ipv6:--with-ipv6} \ - %{?with_poll:--with-poll_module} \ +build light \ %{?with_realip:--with-http_realip_module} \ - %{?with_rtsig:--with-rtsig_module} \ - %{?with_select:--with-select_module} \ %{?with_status:--with-http_stub_status_module} \ %{?with_ssl:--with-http_ssl_module} \ %{?with_rtmp:--add-module=./nginx-rtmp-module} \ %{?with_auth_request:--with-http_auth_request_module} \ %{?with_threads:--with-threads} \ %{?with_spdy:--with-http_spdy_module} \ + %{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \ --without-http_browser_module \ - --without-mail_pop3_module \ - --without-mail_imap_module \ - --without-mail_smtp_module \ --with-http_secure_link_module \ - --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-light/client_body_temp \ - --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-light/proxy_temp \ - --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-light/fastcgi_temp \ %{nil} mv -f objs/nginx bin/nginx-light %endif -build \ - --sbin-path=%{_sbindir}/%{name}-standard \ - --conf-path=%{_sysconfdir}/%{name}-standard.conf \ - --error-log-path=%{_localstatedir}/log/%{name}/%{name}-standard_error.log \ - --http-log-path=%{_localstatedir}/log/%{name}/%{name}-standard_access.log \ - --pid-path=%{_localstatedir}/run/%{name}-standard.pid \ - --lock-path=%{_localstatedir}/lock/subsys/%{name}-standard \ +build standard \ %{?with_addition:--with-http_addition_module} \ %{?with_dav:--with-http_dav_module} \ %{?with_flv:--with-http_flv_module} \ - %{?with_ipv6:--with-ipv6} \ %{?with_sub:--with-http_sub_module} \ - %{?with_poll:--with-poll_module} \ %{?with_realip:--with-http_realip_module} \ - %{?with_rtsig:--with-rtsig_module} \ - %{?with_select:--with-select_module} \ %{?with_status:--with-http_stub_status_module} \ %{?with_ssl:--with-http_ssl_module} \ %{!?with_http_browser:--without-http_browser_module} \ %{?with_rtmp:--add-module=./nginx-rtmp-module} \ %{?with_auth_request:--with-http_auth_request_module} \ %{?with_threads:--with-threads} \ + %{?with_modsecurity:--add-module=modsecurity-%{modsecurity_version}/nginx/modsecurity} \ --with-http_secure_link_module \ - --http-client-body-temp-path=%{_localstatedir}/cache/%{name}-standard/client_body_temp \ - --http-proxy-temp-path=%{_localstatedir}/cache/%{name}-standard/proxy_temp \ - --http-fastcgi-temp-path=%{_localstatedir}/cache/%{name}-standard/fastcgi_temp \ %{nil} -mv -f objs/%{name} bin/%{name}-standard +mv -f objs/nginx bin/nginx-standard %install rm -rf $RPM_BUILD_ROOT @@ -464,42 +429,38 @@ cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_nginxdir}/html/favicon.ico cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/proxy.conf cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/logrotate.d/%{name} cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/mime.types -cp -p %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-standard.conf -cp -p %{SOURCE15} $RPM_BUILD_ROOT/etc/monit/%{name}-standard.monitrc -install -p %{SOURCE16} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-standard -cp -p %{SOURCE18} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-standard.service -install -p bin/nginx-standard $RPM_BUILD_ROOT%{_sbindir} + +install_build() { + local type=$1 + %{__sed} -e 's/@type@/standard/g' %{_sourcedir}/%{name}.conf \ + > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-$type.conf + + install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-$type + %{__sed} -i -e 's/@type@/standard/g' $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-$type + + cp -p %{_sourcedir}/%{name}-$type.service $RPM_BUILD_ROOT%{systemdunitdir} + cp -p %{_sourcedir}/%{name}-$type.monitrc $RPM_BUILD_ROOT/etc/monit + install -p bin/%{name}-$type $RPM_BUILD_ROOT%{_sbindir} +} + +install_build standard ln -sf %{systemdunitdir}/%{name}-standard.service $RPM_BUILD_ROOT/etc/systemd/system/nginx.service %if %{with light} -cp -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-light.conf -cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/monit/%{name}-light.monitrc -cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-light -cp -p %{SOURCE19} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-light.service -install -p bin/nginx-light $RPM_BUILD_ROOT%{_sbindir} -%endif - -%if %{with mail} -cp -p %{SOURCE8} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-mail.conf -cp -p %{SOURCE9} $RPM_BUILD_ROOT/etc/monit/%{name}-mail.monitrc -install -p bin/nginx-mail $RPM_BUILD_ROOT%{_sbindir} -install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-mail -cp -p %{SOURCE21} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-mail.service +install_build light %endif %if %{with perl} install -d $RPM_BUILD_ROOT{%{perl_vendorarch},%{perl_vendorarch}/auto/%{name}} -cp -p %{SOURCE11} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-perl.conf -cp -p %{SOURCE12} $RPM_BUILD_ROOT/etc/monit/%{name}-perl.monitrc -install -p %{SOURCE13} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}-perl -cp -p %{SOURCE20} $RPM_BUILD_ROOT%{systemdunitdir}/%{name}-perl.service +install_build perl cp -p bin/nginx.pm $RPM_BUILD_ROOT%{perl_vendorarch}/%{name}.pm install -p bin/nginx.so $RPM_BUILD_ROOT%{perl_vendorarch}/auto/%{name}/%{name}.so install -p bin/nginx-perl $RPM_BUILD_ROOT%{_sbindir} %endif -rm -f $RPM_BUILD_ROOT%{_sysconfdir}/*.default -rm -rf $RPM_BUILD_ROOT%{_prefix}/html +%if %{with mail} +install_build mail +%endif # only touch these for ghost packaging touch $RPM_BUILD_ROOT%{_sysconfdir}/{fastcgi,scgi,uwsgi}.params @@ -524,7 +485,7 @@ for a in access.log error.log; do done /sbin/chkconfig --add %{name}-standard %systemd_post %{name}-standard.service -%service %{name}-standard restart +%service %{name}-standard force-reload echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-standard.conf" as config.' if ! [ -L /etc/systemd/system/nginx.service ] ; then ln -s %{systemdunitdir}/%{name}-standard.service /etc/systemd/system/nginx.service || : @@ -541,7 +502,7 @@ for a in access.log error.log; do done /sbin/chkconfig --add %{name}-light %systemd_post %{name}-light.service -%service %{name}-light restart +%service %{name}-light force-reload echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-light.conf" as config' %post perl @@ -555,7 +516,7 @@ for a in access.log error.log; do done /sbin/chkconfig --add %{name}-perl %systemd_post %{name}-perl.service -%service %{name}-perl restart +%service %{name}-perl force-reload echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-perl.conf" as config' %post mail @@ -569,7 +530,7 @@ for a in access.log error.log; do done /sbin/chkconfig --add %{name}-mail %systemd_post %{name}-mail.service -%service %{name}-mail restart +%service %{name}-mail force-reload echo 'NOTE: this nginx daemon is using "/etc/nginx/nginx-mail.conf" as config' %preun standard @@ -642,7 +603,7 @@ exit 0 %defattr(644,root,root,755) %doc CHANGES LICENSE README html/index.html conf/nginx.conf %doc %lang(ru) CHANGES.ru -%dir %attr(754,root,root) %{_sysconfdir} +%dir %attr(750,root,nginx) %{_sysconfdir} %dir %{_nginxdir} %dir %{_nginxdir}/cgi-bin %dir %{_nginxdir}/html