diff --git a/src/nginx-mainline-rtmp/PKGBUILD b/src/nginx-mainline-rtmp/PKGBUILD index 74b3134..031d4da 100644 --- a/src/nginx-mainline-rtmp/PKGBUILD +++ b/src/nginx-mainline-rtmp/PKGBUILD @@ -4,16 +4,18 @@ # Contributor: Drew DeVault # Contributor: Florent ThiƩry # Contributor: moparisthebest +# Contributer: Phillip Schichtel +_nginx_version=1.13.6 +_rtmp_version=1.2.0 pkgname=nginx-mainline-rtmp -pkgver=1.11.8 +pkgver="${_nginx_version}.${_rtmp_version}" pkgrel=1 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server, mainline-rtmp release' -arch=('i686' 'x86_64' 'armv7h') +arch=('i686' 'x86_64' 'armv7h' 'armv6h') url='https://nginx.org' license=('custom') depends=('pcre' 'zlib' 'openssl' 'geoip') -makedepends=('hardening-wrapper') backup=('etc/nginx/fastcgi.conf' 'etc/nginx/fastcgi_params' 'etc/nginx/koi-win' @@ -28,18 +30,18 @@ backup=('etc/nginx/fastcgi.conf' install=nginx.install provides=('nginx') conflicts=('nginx') -source=($url/download/nginx-$pkgver.tar.gz{,.asc} - https://github.com/arut/nginx-rtmp-module/archive/v1.1.10.tar.gz +source=($url/download/nginx-${_nginx_version}.tar.gz{,.asc} + https://github.com/arut/nginx-rtmp-module/archive/v${_rtmp_version}.tar.gz service logrotate crossdomain.xml nginx.conf) validpgpkeys=('B0F4253373F8F6F510D42178520A9993A1C052F8') # Maxim Dounin -md5sums=('8f68f49b6db510e567bba9e0c271a3ac' +md5sums=('f84d3f782c168bfdfb734700e51a929f' 'SKIP' - '2e82501ed423a901ab64bfe2228a0666' - 'ce9a06bcaf66ec4a3c4eb59b636e0dfd' - 'd6a6d4d819f03a675bacdfabd25aa37e' + '1a47951b64f3f726a9d4620774643759' + 'ef491e760e7c1ffec9ca25441a150c83' + '6a01fb17af86f03707c8ae60f98a2dc2' '4d2e9c834fa2e60cd8b23185b93d2e2e' '35a9c62e780ab952fb89b613f0af97cd') @@ -64,10 +66,14 @@ _common_flags=( --with-http_v2_module --with-mail --with-mail_ssl_module + --with-pcre-jit --with-stream + --with-stream_geoip_module + --with-stream_realip_module --with-stream_ssl_module + --with-stream_ssl_preread_module --with-threads - --add-module=../nginx-rtmp-module-1.1.10 + "--add-module=../nginx-rtmp-module-${_rtmp_version}" ) _mainline_flags=( @@ -77,7 +83,7 @@ _mainline_flags=( ) build() { - cd $provides-$pkgver + cd "$provides-${_nginx_version}" ./configure \ --prefix=/etc/nginx \ --conf-path=/etc/nginx/nginx.conf \ @@ -93,6 +99,8 @@ build() { --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ --http-scgi-temp-path=/var/lib/nginx/scgi \ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \ + --with-cc-opt="$CFLAGS $CPPFLAGS" \ + --with-ld-opt="$LDFLAGS" \ ${_common_flags[@]} \ ${_mainline_flags[@]} @@ -100,7 +108,7 @@ build() { } package() { - cd $provides-$pkgver + cd "$provides-${_nginx_version}" make DESTDIR="$pkgdir" install sed -e 's|\ "$pkgdir"/usr/share/man/man8/nginx.8.gz for i in ftdetect indent syntax; do - install -Dm644 contrib/vim/${i}/nginx.vim \ - "${pkgdir}/usr/share/vim/vimfiles/${i}/nginx.vim" + install -Dm644 contrib/vim/$i/nginx.vim \ + "$pkgdir/usr/share/vim/vimfiles/$i/nginx.vim" done } diff --git a/src/nginx-mainline-rtmp/logrotate b/src/nginx-mainline-rtmp/logrotate index 6fcf558..e0afbb9 100644 --- a/src/nginx-mainline-rtmp/logrotate +++ b/src/nginx-mainline-rtmp/logrotate @@ -5,6 +5,6 @@ sharedscripts compress postrotate - test ! -r /var/run/nginx.pid || kill -USR1 `cat /var/run/nginx.pid` + test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid` endscript } diff --git a/src/nginx-mainline-rtmp/nginx.install b/src/nginx-mainline-rtmp/nginx.install index 7c4adf1..90d24a5 100644 --- a/src/nginx-mainline-rtmp/nginx.install +++ b/src/nginx-mainline-rtmp/nginx.install @@ -1,21 +1,12 @@ post_upgrade() { - if (( $(vercmp $2 1.2.7-4) <= 0 )); then - chmod 750 var/log/nginx - chown http:log var/log/nginx - fi - if (( $(vercmp $2 1.2.1-2) <= 0 )); then - echo ' >>> Since 1.2.1-2 several changes has been made in package:' - echo ' - *.conf files have been moved to /etc/nginx' - echo ' - /etc/conf.d/nginx has been removed' - echo ' Main configuration file is set to /etc/nginx/nginx.conf' - echo ' - access.log and error.log can be found in /var/log/nginx by default' - echo ' - bundled *.html files have been moved to /usr/share/nginx/html' - echo ' - /etc/nginx/{html,logs} symbolic links and *.default files have been removed' - fi - if (( $(vercmp $2 1.4.2-4) < 0 )); then - echo 'Nginx now includes only upstream bundled modules.' - echo 'Thus, passenger module support was dropped.' - fi -} + if (( $(vercmp $2 1.11.8-2) < 0)); then + chown root:root var/log/nginx + fi -# vim:set ts=4 sw=4 et: + if (( $(vercmp $2 1.11.9-2) < 0 )); then + chmod 755 var/log/nginx + echo ':: Security notice:' + echo ' - When additional log directories are used in /var/log/nginx make sure they' + echo ' are owned by root:root and have 755 set as permission to mitigate CVE-2016-1247' + fi +} diff --git a/src/nginx-mainline-rtmp/service b/src/nginx-mainline-rtmp/service index 29d3aa8..365bc95 100644 --- a/src/nginx-mainline-rtmp/service +++ b/src/nginx-mainline-rtmp/service @@ -1,14 +1,17 @@ [Unit] Description=A high performance web server and a reverse proxy server -After=syslog.target network.target +After=network.target network-online.target nss-lookup.target [Service] Type=forking PIDFile=/run/nginx.pid -ExecStartPre=/usr/bin/nginx -t -q -g 'pid /run/nginx.pid; daemon on; master_process on;' -ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -ExecReload=/usr/bin/nginx -g 'pid /run/nginx.pid; daemon on; master_process on;' -s reload -ExecStop=/usr/bin/nginx -g 'pid /run/nginx.pid;' -s quit +PrivateDevices=yes +SyslogLevel=err + +ExecStart=/usr/bin/nginx -g 'pid /run/nginx.pid; error_log stderr;' +ExecReload=/usr/bin/nginx -s reload +KillSignal=SIGQUIT +KillMode=mixed [Install] WantedBy=multi-user.target