diff options
author | Remi Collet <remi@remirepo.net> | 2019-01-16 08:59:51 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2019-01-16 08:59:51 +0100 |
commit | acf99b02610aadddd42dc434c36ed3fe0b9eb5af (patch) | |
tree | e167fffd0c57bd02b1662b20509eb0e59bc2ef14 |
initial package
open https://github.com/nginx/unit/pull/215 system crypto policy
open https://github.com/nginx/unit/pull/212 systemd improvments
-rw-r--r-- | .gitignore | 8 | ||||
-rw-r--r-- | 215.patch | 42 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rw-r--r-- | unit.init | 88 | ||||
-rw-r--r-- | unit.service | 26 | ||||
-rw-r--r-- | unit.spec | 196 | ||||
-rw-r--r-- | unit.sysconf | 1 |
7 files changed, 365 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fc9aa8c --- /dev/null +++ b/.gitignore @@ -0,0 +1,8 @@ +clog +package-*.xml +*.tgz +*.tar.gz +*.tar.xz +*.tar.xz.asc +*.src.rpm +*/*rpm diff --git a/215.patch b/215.patch new file mode 100644 index 0000000..d98ecb3 --- /dev/null +++ b/215.patch @@ -0,0 +1,42 @@ +From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Wed, 16 Jan 2019 08:38:53 +0100 +Subject: [PATCH] prefer system crypto policy + +--- + src/nxt_openssl.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c +index 99dd207..6d9df48 100644 +--- a/src/nxt_openssl.c ++++ b/src/nxt_openssl.c +@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) + { + SSL_CTX *ctx; + nxt_fd_t fd; +- const char *ciphers, *ca_certificate; ++ const char *ca_certificate; + STACK_OF(X509_NAME) *list; + + ctx = SSL_CTX_new(SSLv23_server_method()); +@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) + goto fail; + } + */ +- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; +- +- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { +- nxt_openssl_log_error(task, NXT_LOG_ALERT, ++ if (conf->ciphers) { /* else use system crypto policy */ ++ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { ++ nxt_openssl_log_error(task, NXT_LOG_ALERT, + "SSL_CTX_set_cipher_list(\"%s\") failed", +- ciphers); +- goto fail; ++ conf->ciphers); ++ goto fail; ++ } + } + + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..1e65467 --- /dev/null +++ b/Makefile @@ -0,0 +1,4 @@ +SRCDIR := $(shell pwd) +NAME := $(shell basename $(SRCDIR)) +include ../common/Makefile + diff --git a/unit.init b/unit.init new file mode 100644 index 0000000..e1aacd8 --- /dev/null +++ b/unit.init @@ -0,0 +1,88 @@ +#!/bin/sh +# +# unitd NGINX Unit +# +# chkconfig: - 86 14 +# description: NGINX Unit + +### BEGIN INIT INFO +# Provides: unitd +# Required-Start: $local_fs $network $named $syslog +# Required-Stop: $local_fs $network $named $syslog +# Default-Start: +# Default-Stop: 0 1 2 3 4 5 6 +# Short-Description: NGINX Unit +# Description: NGINX Unit +### END INIT INFO + +# Source function library. +. /etc/rc.d/init.d/functions + +exec="/usr/sbin/unitd" +prog="unitd" + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +lockfile=/var/lock/subsys/$prog + +start() { + [ -x $exec ] || exit 5 + echo -n $"Starting $prog: " + daemon $exec $UNITD_OPTIONS + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + killproc $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + stop + start +} + +rh_status() { + status $prog +} + +rh_status_q() { + rh_status &>/dev/null +} + + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart) + $1 + ;; + reload|force-reload) + echo "Not implemented." >&2 + exit 1 + ;; + status) + rh_status + ;; + condrestart|try-restart) + rh_status_q || exit 0 + restart + ;; + *) + echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}" + exit 2 +esac +exit $? diff --git a/unit.service b/unit.service new file mode 100644 index 0000000..f888685 --- /dev/null +++ b/unit.service @@ -0,0 +1,26 @@ +# Modifying this file in-place is not recommended, because changes +# will be overwritten during package upgrades. To customize the +# behaviour, run "systemctl edit unit" to create an override unit. + +# For example, to change options given to the unitd binary at startup, +# create an override unit (as is done by systemctl edit) and enter +# the following: + +# [Service] +# Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid" + +[Unit] +Description=NGINX Unit +Wants=network-online.target +After=network-online.target + +[Service] +Type=simple +Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid" +ExecStart=/usr/sbin/unitd $UNITD_OPTIONS --no-daemon +ExecReload= +RuntimeDirectory=unit +RuntimeDirectoryMode=0755 + +[Install] +WantedBy=multi-user.target diff --git a/unit.spec b/unit.spec new file mode 100644 index 0000000..908d126 --- /dev/null +++ b/unit.spec @@ -0,0 +1,196 @@ +# remirepo/fedora spec file for unit-php +# +# Copyright (c) 2019 Remi Collet +# License: CC-BY-SA +# http://creativecommons.org/licenses/by-sa/4.0/ +# +# Please, preserve the changelog entries +# + +%global gh_owner nginx +%global project unit +%global gh_commit c51e1aa47dcb13b7118e0be00619736ccca839df +%global gh_short %(c=%{gh_commit}; echo ${c:0:7}) + +# distribution specific definitions +%global use_systemd (0%{?rhel} >= 7 || 0%{?fedora} >= 19) +%global with_tests 0%{!?_without_tests:1} + +Name: unit +Summary: NGINX Unit application server +Version: 1.7 +Release: 1%{?dist} +License: ASL 2.0 +URL: https://unit.nginx.org/ + +Source0: https://github.com/%{gh_owner}/%{project}/archive/%{gh_commit}/%{project}-%{version}-%{gh_short}.tar.gz +Source1: unit.service +Source2: unit.init +Source3: unit.sysconf + + +# Use system crypto policy +Patch0: https://github.com/nginx/unit/pull/215.patch + +BuildRequires: openssl-devel +%if %{use_systemd} +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +%else +Requires: initscripts >= 8.36 +%endif +Provides: nginx-unit = %{version}-%{release} + + +%description +NGINX Unit is a runtime and delivery environment for modern distributed +applications. It runs the application code in multiple languages +(PHP, Python, Go, etc.), and tightly couples it with traffic delivery +in and out of the application. Take this application server and proxy +directly in the cloud / container environments and fully control your app +dynamically via an API. + + +%package devel +Summary: NGINX Unit (development files) +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +Library and include files required for NGINX Unit modules development. + + +%prep +%setup -qn %{project}-%{gh_commit} +%patch0 -p1 -b .syspol + +cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config + + +%build +unitconf() { +./configure \ + --libdir=%{_libdir} \ + --prefix=%{_prefix} \ + --state=%{_sharedstatedir}/unit \ +%if %{use_systemd} + --control="unix:/run/unit/control.sock" \ + --pid=/run/unit.pid \ +%else + --control="unix:/var/run/unit/control.sock" \ + --pid=/var/run/unit.pid \ +%endif + --log=/var/log/unit.log \ + --openssl \ + --cc-opt="%{optflags}" \ + --tests \ + $* +} + +unitconf \ + --modules=%{_libdir}/unit/debug-modules \ + --debug +make %{?_smp_mflags} +make %{?_smp_mflags} build/libunit.a +mv build build-debug + +unitconf \ + --modules=%{_libdir}/unit/modules +make %{?_smp_mflags} + + +%install +DESTDIR=%{buildroot} make unitd-install libunit-install + +install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug +install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a + +mkdir -p %{buildroot}%{_sysconfdir}/%{name} +mkdir -p %{buildroot}%{_libdir}/%{name}/modules +mkdir -p %{buildroot}%{_libdir}/%{name}/debug-modules +mkdir -p %{buildroot}%{_sharedstatedir}/%{name} +mkdir -p %{buildroot}%{_localstatedir}/log/%{name} +mkdir -p %{buildroot}%{_localstatedir}/run/%{name} + +# init scripts +%if %{use_systemd} +install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d + +%else +install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name} +install -p -D -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/%{name} +%endif + + +%check +%if %{with_tests} +make tests %{?_smp_mflags} +./build/tests +%endif + + +%post +%if %{use_systemd} +%systemd_post %{name}.service +%else +/sbin/chkconfig --add unit +%endif + +%preun +%if %{use_systemd} +%systemd_preun %{name}.service +%else +if [ $1 -eq 0 ]; then + /sbin/service unit stop >/dev/null 2>&1 + /sbin/chkconfig --del unit +fi +%endif + +%postun +%if %{use_systemd} +%systemd_postun_with_restart %{name}.service +%else +if [ $1 -ge 1 ]; then + /sbin/service unit condrestart >/dev/null 2>&1 ||: +fi +%endif + + +%files +%{!?_licensedir:%global license %%doc} +%license LICENSE +%doc NOTICE README CHANGES +%doc example.config +%attr(0755,root,root) %{_sbindir}/unitd +%attr(0755,root,root) %{_sbindir}/unitd-debug +%dir %{_sysconfdir}/unit +%dir %{_libdir}/unit/modules +%dir %{_libdir}/unit/debug-modules +%dir %{_sharedstatedir}/unit +%dir %attr(0700,root,root) %{_localstatedir}/log/unit + +%if %{use_systemd} +%dir %{_sysconfdir}/systemd/system/%{name}.service.d +%{_unitdir}/unit.service +%dir %attr(0755,root,root) %ghost /run/unit + +%else +%config(noreplace) %{_sysconfdir}/sysconfig/unit +%dir %attr(0755,root,root) %{_localstatedir}/run/unit +%{_initrddir}/unit +%endif + +%files devel +# API is not stable YET, so keep the static library for now (like upstream packages) +%{_libdir}/libunit.a +%{_libdir}/libunit-debug.a +%{_includedir}/nxt_*.h + + +%changelog +* Tue Jan 15 2019 Remi Collet <remi@remirepo.net> - 1.7-1 +- initial package +- open https://github.com/nginx/unit/pull/215 system crypto policy +- open https://github.com/nginx/unit/pull/212 systemd improvments diff --git a/unit.sysconf b/unit.sysconf new file mode 100644 index 0000000..9146bda --- /dev/null +++ b/unit.sysconf @@ -0,0 +1 @@ +UNITD_OPTIONS="--log /var/log/unit/unit.log --pid /var/run/unit/unit.pid" |