summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2019-01-16 08:59:51 +0100
committerRemi Collet <remi@remirepo.net>2019-01-16 08:59:51 +0100
commitacf99b02610aadddd42dc434c36ed3fe0b9eb5af (patch)
treee167fffd0c57bd02b1662b20509eb0e59bc2ef14
initial package
open https://github.com/nginx/unit/pull/215 system crypto policy open https://github.com/nginx/unit/pull/212 systemd improvments
-rw-r--r--.gitignore8
-rw-r--r--215.patch42
-rw-r--r--Makefile4
-rw-r--r--unit.init88
-rw-r--r--unit.service26
-rw-r--r--unit.spec196
-rw-r--r--unit.sysconf1
7 files changed, 365 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fc9aa8c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+clog
+package-*.xml
+*.tgz
+*.tar.gz
+*.tar.xz
+*.tar.xz.asc
+*.src.rpm
+*/*rpm
diff --git a/215.patch b/215.patch
new file mode 100644
index 0000000..d98ecb3
--- /dev/null
+++ b/215.patch
@@ -0,0 +1,42 @@
+From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 16 Jan 2019 08:38:53 +0100
+Subject: [PATCH] prefer system crypto policy
+
+---
+ src/nxt_openssl.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 99dd207..6d9df48 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
+ {
+ SSL_CTX *ctx;
+ nxt_fd_t fd;
+- const char *ciphers, *ca_certificate;
++ const char *ca_certificate;
+ STACK_OF(X509_NAME) *list;
+
+ ctx = SSL_CTX_new(SSLv23_server_method());
+@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
+ goto fail;
+ }
+ */
+- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
+-
+- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
+- nxt_openssl_log_error(task, NXT_LOG_ALERT,
++ if (conf->ciphers) { /* else use system crypto policy */
++ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
++ nxt_openssl_log_error(task, NXT_LOG_ALERT,
+ "SSL_CTX_set_cipher_list(\"%s\") failed",
+- ciphers);
+- goto fail;
++ conf->ciphers);
++ goto fail;
++ }
+ }
+
+ SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1e65467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SRCDIR := $(shell pwd)
+NAME := $(shell basename $(SRCDIR))
+include ../common/Makefile
+
diff --git a/unit.init b/unit.init
new file mode 100644
index 0000000..e1aacd8
--- /dev/null
+++ b/unit.init
@@ -0,0 +1,88 @@
+#!/bin/sh
+#
+# unitd NGINX Unit
+#
+# chkconfig: - 86 14
+# description: NGINX Unit
+
+### BEGIN INIT INFO
+# Provides: unitd
+# Required-Start: $local_fs $network $named $syslog
+# Required-Stop: $local_fs $network $named $syslog
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: NGINX Unit
+# Description: NGINX Unit
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="/usr/sbin/unitd"
+prog="unitd"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ echo -n $"Starting $prog: "
+ daemon $exec $UNITD_OPTIONS
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+rh_status() {
+ status $prog
+}
+
+rh_status_q() {
+ rh_status &>/dev/null
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload|force-reload)
+ echo "Not implemented." >&2
+ exit 1
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
+ exit 2
+esac
+exit $?
diff --git a/unit.service b/unit.service
new file mode 100644
index 0000000..f888685
--- /dev/null
+++ b/unit.service
@@ -0,0 +1,26 @@
+# Modifying this file in-place is not recommended, because changes
+# will be overwritten during package upgrades. To customize the
+# behaviour, run "systemctl edit unit" to create an override unit.
+
+# For example, to change options given to the unitd binary at startup,
+# create an override unit (as is done by systemctl edit) and enter
+# the following:
+
+# [Service]
+# Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid"
+
+[Unit]
+Description=NGINX Unit
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid"
+ExecStart=/usr/sbin/unitd $UNITD_OPTIONS --no-daemon
+ExecReload=
+RuntimeDirectory=unit
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
diff --git a/unit.spec b/unit.spec
new file mode 100644
index 0000000..908d126
--- /dev/null
+++ b/unit.spec
@@ -0,0 +1,196 @@
+# remirepo/fedora spec file for unit-php
+#
+# Copyright (c) 2019 Remi Collet
+# License: CC-BY-SA
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+
+%global gh_owner nginx
+%global project unit
+%global gh_commit c51e1aa47dcb13b7118e0be00619736ccca839df
+%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
+
+# distribution specific definitions
+%global use_systemd (0%{?rhel} >= 7 || 0%{?fedora} >= 19)
+%global with_tests 0%{!?_without_tests:1}
+
+Name: unit
+Summary: NGINX Unit application server
+Version: 1.7
+Release: 1%{?dist}
+License: ASL 2.0
+URL: https://unit.nginx.org/
+
+Source0: https://github.com/%{gh_owner}/%{project}/archive/%{gh_commit}/%{project}-%{version}-%{gh_short}.tar.gz
+Source1: unit.service
+Source2: unit.init
+Source3: unit.sysconf
+
+
+# Use system crypto policy
+Patch0: https://github.com/nginx/unit/pull/215.patch
+
+BuildRequires: openssl-devel
+%if %{use_systemd}
+BuildRequires: systemd
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+%else
+Requires: initscripts >= 8.36
+%endif
+Provides: nginx-unit = %{version}-%{release}
+
+
+%description
+NGINX Unit is a runtime and delivery environment for modern distributed
+applications. It runs the application code in multiple languages
+(PHP, Python, Go, etc.), and tightly couples it with traffic delivery
+in and out of the application. Take this application server and proxy
+directly in the cloud / container environments and fully control your app
+dynamically via an API.
+
+
+%package devel
+Summary: NGINX Unit (development files)
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+Library and include files required for NGINX Unit modules development.
+
+
+%prep
+%setup -qn %{project}-%{gh_commit}
+%patch0 -p1 -b .syspol
+
+cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config
+
+
+%build
+unitconf() {
+./configure \
+ --libdir=%{_libdir} \
+ --prefix=%{_prefix} \
+ --state=%{_sharedstatedir}/unit \
+%if %{use_systemd}
+ --control="unix:/run/unit/control.sock" \
+ --pid=/run/unit.pid \
+%else
+ --control="unix:/var/run/unit/control.sock" \
+ --pid=/var/run/unit.pid \
+%endif
+ --log=/var/log/unit.log \
+ --openssl \
+ --cc-opt="%{optflags}" \
+ --tests \
+ $*
+}
+
+unitconf \
+ --modules=%{_libdir}/unit/debug-modules \
+ --debug
+make %{?_smp_mflags}
+make %{?_smp_mflags} build/libunit.a
+mv build build-debug
+
+unitconf \
+ --modules=%{_libdir}/unit/modules
+make %{?_smp_mflags}
+
+
+%install
+DESTDIR=%{buildroot} make unitd-install libunit-install
+
+install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug
+install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a
+
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+mkdir -p %{buildroot}%{_libdir}/%{name}/modules
+mkdir -p %{buildroot}%{_libdir}/%{name}/debug-modules
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}
+mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
+mkdir -p %{buildroot}%{_localstatedir}/run/%{name}
+
+# init scripts
+%if %{use_systemd}
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d
+
+%else
+install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+install -p -D -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/%{name}
+%endif
+
+
+%check
+%if %{with_tests}
+make tests %{?_smp_mflags}
+./build/tests
+%endif
+
+
+%post
+%if %{use_systemd}
+%systemd_post %{name}.service
+%else
+/sbin/chkconfig --add unit
+%endif
+
+%preun
+%if %{use_systemd}
+%systemd_preun %{name}.service
+%else
+if [ $1 -eq 0 ]; then
+ /sbin/service unit stop >/dev/null 2>&1
+ /sbin/chkconfig --del unit
+fi
+%endif
+
+%postun
+%if %{use_systemd}
+%systemd_postun_with_restart %{name}.service
+%else
+if [ $1 -ge 1 ]; then
+ /sbin/service unit condrestart >/dev/null 2>&1 ||:
+fi
+%endif
+
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license LICENSE
+%doc NOTICE README CHANGES
+%doc example.config
+%attr(0755,root,root) %{_sbindir}/unitd
+%attr(0755,root,root) %{_sbindir}/unitd-debug
+%dir %{_sysconfdir}/unit
+%dir %{_libdir}/unit/modules
+%dir %{_libdir}/unit/debug-modules
+%dir %{_sharedstatedir}/unit
+%dir %attr(0700,root,root) %{_localstatedir}/log/unit
+
+%if %{use_systemd}
+%dir %{_sysconfdir}/systemd/system/%{name}.service.d
+%{_unitdir}/unit.service
+%dir %attr(0755,root,root) %ghost /run/unit
+
+%else
+%config(noreplace) %{_sysconfdir}/sysconfig/unit
+%dir %attr(0755,root,root) %{_localstatedir}/run/unit
+%{_initrddir}/unit
+%endif
+
+%files devel
+# API is not stable YET, so keep the static library for now (like upstream packages)
+%{_libdir}/libunit.a
+%{_libdir}/libunit-debug.a
+%{_includedir}/nxt_*.h
+
+
+%changelog
+* Tue Jan 15 2019 Remi Collet <remi@remirepo.net> - 1.7-1
+- initial package
+- open https://github.com/nginx/unit/pull/215 system crypto policy
+- open https://github.com/nginx/unit/pull/212 systemd improvments
diff --git a/unit.sysconf b/unit.sysconf
new file mode 100644
index 0000000..9146bda
--- /dev/null
+++ b/unit.sysconf
@@ -0,0 +1 @@
+UNITD_OPTIONS="--log /var/log/unit/unit.log --pid /var/run/unit/unit.pid"