author | Dawid Węgliński <cla@gentoo.org> | 2009-07-19 14:56:33 +0000 |
---|---|---|
committer | Dawid Węgliński <cla@gentoo.org> | 2009-07-19 14:56:33 +0000 |
commit | 5f35116fb30e3fb0454ebeff198435648c16c35c (patch) | |
tree | d35581ed6aadc7a7e247a811dd6cfd2f03b0744c /www-servers | |
parent | ppc stable #274335 (diff) | |
Enable NginxHttpSecureLinkModule (bug #269810), enable ipv6 support in nginx (bug #274614).
(Portage version: 2.2_rc33/cvs/Linux x86_64)
Diffstat (limited to 'www-servers')
-rw-r--r-- | www-servers/nginx/ChangeLog | 11 | ||||
-rw-r--r-- | www-servers/nginx/files/nginx-secure-link-timeout.patch | 131 | ||||
-rw-r--r-- | www-servers/nginx/metadata.xml | 1 | ||||
-rw-r--r-- | www-servers/nginx/nginx-0.8.4-r1.ebuild | 117 |
4 files changed, 259 insertions, 1 deletions
diff --git a/www-servers/nginx/ChangeLog b/www-servers/nginx/ChangeLog
index 95013ef5c188..6eb0f5caf713 100644
--- a/www-servers/nginx/ChangeLog
+++ b/www-servers/nginx/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for www-servers/nginx
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/nginx/ChangeLog,v 1.219 2009/07/09 13:44:57 voxus Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/nginx/ChangeLog,v 1.220 2009/07/19 14:56:33 cla Exp $
+
+*nginx-0.8.4-r1 (19 Jul 2009)
+
+ 19 Jul 2009; Dawid Węgliński <cla@gentoo.org>
+ +files/nginx-secure-link-timeout.patch, metadata.xml,
+ +nginx-0.8.4-r1.ebuild:
+ Enable NginxHttpSecureLinkModule (bug #269810)
+ Enable ipv6 support in nginx (bug #274614).
+ Bug me for problems with those changes.
 09 Jul 2009; Konstantin V. Arkhipov <voxus@gentoo.org>
 -nginx-0.6.32.ebuild, nginx-0.6.38.ebuild, nginx-0.7.61.ebuild:
diff --git a/www-servers/nginx/files/nginx-secure-link-timeout.patch b/www-servers/nginx/files/nginx-secure-link-timeout.patch
new file mode 100644
index 000000000000..039e25063806
--- /dev/null
+++ b/www-servers/nginx/files/nginx-secure-link-timeout.patch
@@ -0,0 +1,131 @@
+diff -Naur nginx-0.7.55.org/src/http/modules/ngx_http_secure_link_module.c nginx-0.7.55/src/http/modules/ngx_http_secure_link_module.c
+--- nginx-0.7.55.org/src/http/modules/ngx_http_secure_link_module.c 2009-05-13 14:44:15.000000000 +0200
++++ nginx-0.7.55/src/http/modules/ngx_http_secure_link_module.c 2009-05-13 15:00:49.000000000 +0200
+@@ -12,6 +12,7 @@
+
+ typedef struct {
+ ngx_str_t secret;
++ time_t timeout;
+ } ngx_http_secure_link_conf_t;
+
+
+@@ -30,6 +31,12 @@
+ offsetof(ngx_http_secure_link_conf_t, secret),
+ NULL },
+
++ { ngx_string("secure_link_timeout"),
++ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
++ ngx_conf_set_sec_slot,
++ NGX_HTTP_LOC_CONF_OFFSET,
++ offsetof(ngx_http_secure_link_conf_t, timeout),
++ NULL },
+ ngx_null_command
+ };
+
+@@ -67,22 +74,36 @@
+
+ static ngx_str_t ngx_http_secure_link = ngx_string("secure_link");
+
++static u_char
++ngx_hex2int(u_char hex)
++{
++ hex = hex - '0';
++ if (hex > 9) {
++ hex = (hex + '0' - 1) | 0x20;
++ hex = hex - 'a' + 11;
++ }
++ if (hex > 15)
++ hex = 0xFF;
++
++ return hex;
++}
+
+ static ngx_int_t
+ ngx_http_secure_link_variable(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+ {
+- u_char *p, *start, *end, *last;
+- size_t len;
++ u_char *p, *start, *end, *last, *tss, *tse;
++ size_t len, tslen;
+ ngx_int_t n;
+ ngx_uint_t i;
+ ngx_md5_t md5;
++ time_t ts;
+ ngx_http_secure_link_conf_t *conf;
+ u_char hash[16];
+
+ conf = ngx_http_get_module_loc_conf(r, ngx_http_secure_link_module);
+
+- if (conf->secret.len == 0) {
++ if (conf->secret.len == 0 || conf->timeout == 0) {
+ goto not_found;
+ }
+
+@@ -103,22 +124,46 @@
+ while (p < last) {
+ if (*p++ == '/') {
+ end = p - 1;
+- goto url_start;
++ goto tstamp_start;
+ }
+ }
+
+ goto not_found;
+
++ tstamp_start:
++
++ tss = p;
++
++ while (p < last) {
++ if (*p++ == '/') {
++ tse = p - 1;
++ goto url_start;
++ }
++ }
++
++ goto not_found;
++
+ url_start:
+
++ tslen = tse - tss;
+ len = last - p;
+
+- if (end - start != 32 || len == 0) {
++ if (end - start != 32 || len == 0 || tslen != 8) {
+ goto not_found;
+ }
+
++ ts = 0;
++ for (i = 0; i < 8; i++) {
++ ts = (ts << 4) + ngx_hex2int(tss[i]);
++ }
++
++ if (ts < r->start_sec - conf->timeout) {
++ goto not_found;
++ }
++
+ ngx_md5_init(&md5);
+ ngx_md5_update(&md5, p, len);
++ ngx_md5_update(&md5, tss, tslen);
+ ngx_md5_update(&md5, conf->secret.data, conf->secret.len);
+ ngx_md5_final(hash, &md5);
+
+@@ -160,7 +205,8 @@
+ *
+ * conf->secret = { 0, NULL }
+ */
+-
++
++ conf->timeout = NGX_CONF_UNSET;
+ return conf;
+ }
+
+@@ -172,6 +218,7 @@
+ ngx_http_secure_link_conf_t *conf = child;
+
+ ngx_conf_merge_str_value(conf->secret, prev->secret, "");
++ ngx_conf_merge_sec_value(conf->timeout, prev->timeout, 3600);
+
+ return NGX_CONF_OK;
+ }
diff --git a/www-servers/nginx/metadata.xml b/www-servers/nginx/metadata.xml
index f569eff41901..a211b0313cf2 100644
--- a/www-servers/nginx/metadata.xml
+++ b/www-servers/nginx/metadata.xml
@@ -9,6 +9,7 @@
 <flag name='addition'>Enables HTTP addition filter module</flag>
 <flag name='flv'>Enables special processing module for flv files</flag>
 <flag name='random-index'>Enables HTTP random index module</flag>
+ <flag name='securelink'>Enable HTTP secure link module</flag>
 <flag name='status'>Enables stub_status module</flag>
 <flag name='sub'>Enables sub_filter module</flag>
 <flag name='webdav'>Enable webdav support</flag>
diff --git a/www-servers/nginx/nginx-0.8.4-r1.ebuild b/www-servers/nginx/nginx-0.8.4-r1.ebuild
new file mode 100644
index 000000000000..1d89f2b9c268
--- /dev/null
+++ b/www-servers/nginx/nginx-0.8.4-r1.ebuild
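Review bot: The timestamp loop in `ngx_http_secure_link_variable()` never tests the `0xFF` error value that `ngx_hex2int()` returns for a non-hex byte, so `ts = (ts << 4) + ngx_hex2int(tss[i]);` folds 255 into `ts` instead of rejecting the URL; adding `if (ngx_hex2int(tss[i]) == 0xFF) { goto not_found; }` ahead of that line would close it. The expiry test `ts < r->start_sec - conf->timeout` bounds only the past, so a link stamped in the future stays valid until that time plus the timeout; an upper bound such as `ts > r->start_sec` is worth considering if issuer and server clocks can be assumed to agree. Where `time_t` is a signed 32-bit type, shifting eight hex digits into `ts` can also overflow. The timestamp is fed into the MD5, so these paths appear reachable only with a correctly signed link, but the comparison against `hash` lies outside this hunk and cannot be confirmed here.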
@@ -0,0 +1,117 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/nginx/nginx-0.8.4-r1.ebuild,v 1.1 2009/07/19 14:56:33 cla Exp $
+
+inherit eutils ssl-cert toolchain-funcs
+
+DESCRIPTION="Robust, small and high performance http and reverse proxy server"
+
+HOMEPAGE="http://nginx.net/"
+SRC_URI="http://sysoev.ru/nginx/${P}.tar.gz"
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86 ~x86-fbsd"
+IUSE="addition debug fastcgi flv imap ipv6 pcre perl random-index securelink ssl status sub webdav zlib"
+
+DEPEND="dev-lang/perl
+ pcre? ( >=dev-libs/libpcre-4.2 )
+ ssl? ( dev-libs/openssl )
+ zlib? ( sys-libs/zlib )
+ perl? ( >=dev-lang/perl-5.8 )"
+
+pkg_setup() {
+ ebegin "Creating nginx user and group"
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 -1 ${PN}
+ eend ${?}
+ if use ipv6; then
+ ewarn "Note that ipv6 support in nginx is still experimental."
+ ewarn "Be sure to read comments on gentoo bug #274614"
+ ewarn "http://bugs.gentoo.org/show_bug.cgi?id=274614"
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ sed -i 's/ make/ \\$(MAKE)/' "${S}"/auto/lib/perl/make || die
+ epatch "${FILESDIR}"/${PN}-secure-link-timeout.patch
+}
+
+src_compile() {
+ local myconf
+
+ # threads support is broken atm.
+ #
+ # if use threads; then
+ # einfo
+ # ewarn "threads support is experimental at the moment"
+ # ewarn "do not use it on production systems - you've been warned"
+ # einfo
+ # myconf="${myconf} --with-threads"
+ # fi
+
+ use addition && myconf="${myconf} --with-http_addition_module"
+ use ipv6 && myconf="${myconf} --with-ipv6"
+ use fastcgi || myconf="${myconf} --without-http_fastcgi_module"
+ use fastcgi && myconf="${myconf} --with-http_realip_module"
+ use flv && myconf="${myconf} --with-http_flv_module"
+ use zlib || myconf="${myconf} --without-http_gzip_module"
+ use pcre || {
+ myconf="${myconf} --without-pcre --without-http_rewrite_module"
+ }
+ use debug && myconf="${myconf} --with-debug"
+ use ssl && myconf="${myconf} --with-http_ssl_module"
+ use imap && myconf="${myconf} --with-imap" # pop3/imap4 proxy support
+ use perl && myconf="${myconf} --with-http_perl_module"
+ use status && myconf="${myconf} --with-http_stub_status_module"
+ use webdav && myconf="${myconf} --with-http_dav_module"
+ use sub && myconf="${myconf} --with-http_sub_module"
+ use random-index && myconf="${myconf} --with-http_random_index_module"
+ use securelink && myconf="${myconf} --with-http_secure_link_module"
+
+ tc-export CC
+ ./configure \
+ --prefix=/usr \
+ --conf-path=/etc/${PN}/${PN}.conf \
+ --http-log-path=/var/log/${PN}/access_log \
+ --error-log-path=/var/log/${PN}/error_log \
+ --pid-path=/var/run/${PN}.pid \
+ --http-client-body-temp-path=/var/tmp/${PN}/client \
+ --http-proxy-temp-path=/var/tmp/${PN}/proxy \
+ --http-fastcgi-temp-path=/var/tmp/${PN}/fastcgi \
+ --with-md5-asm --with-md5=/usr/include \
+ --with-sha1-asm --with-sha1=/usr/include \
+ ${myconf} || die "configure failed"
+
+ emake LINK="${CC} ${LDFLAGS}" OTHERLDFLAGS="${LDFLAGS}" || die "failed to compile"
+}
+
+src_install() {
+ keepdir /var/log/${PN} /var/tmp/${PN}/{client,proxy,fastcgi}
+
+ dosbin objs/nginx
+ cp "${FILESDIR}"/nginx-r1 "${T}"/nginx
+ doinitd "${T}"/nginx
+
+ cp "${FILESDIR}"/nginx.conf-r4 conf/nginx.conf
+
+ dodir /etc/${PN}
+ insinto /etc/${PN}
+ doins conf/*
+
+ dodoc CHANGES{,.ru} README
+
+ use perl && {
+ cd "${S}"/objs/src/http/modules/perl/
+ einstall DESTDIR="${D}"|| die "failed to install perl stuff"
+ }
+}
+
+pkg_postinst() {
+ use ssl && {
+ if [ ! -f "${ROOT}"/etc/ssl/${PN}/${PN}.key ]; then
+ install_cert /etc/ssl/${PN}/${PN}
+ chown ${PN}:${PN} "${ROOT}"/etc/ssl/${PN}/${PN}.{crt,csr,key,pem}
+ fi
+ }
+} |
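Review bot: `src_unpack()` applies `nginx-secure-link-timeout.patch` unconditionally, and the patched module answers not-found for any secure-link URL that lacks the 8-character timestamp segment (`tslen != 8`), so links generated for the unpatched module's layout will stop validating after this revision bump. Nothing in the ebuild tells the administrator about the changed URL layout, the new `secure_link_timeout` directive or its 3600-second default; a line in `pkg_postinst()` such as `use securelink && elog "secure_link URLs now need an 8-hex-digit timestamp segment after the hash; see secure_link_timeout (default 3600s)"` would cover that. The patch header names nginx-0.7.55 while this ebuild builds 0.8.4, so it is worth confirming that the patch applies without fuzz.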