diff options
| -rwxr-xr-x | makedeps.sh | 23 | ||||
| -rw-r--r-- | unit-debug.service | 26 | ||||
| -rw-r--r-- | unit-github639.patch | 55 | ||||
| -rw-r--r-- | unit-openssl3.patch | 59 | ||||
| -rw-r--r-- | unit-syspol.patch | 32 | ||||
| -rw-r--r-- | unit.init | 88 | ||||
| -rw-r--r-- | unit.spec | 233 | ||||
| -rw-r--r-- | unit.sysusers | 1 |
8 files changed, 243 insertions, 274 deletions
diff --git a/makedeps.sh b/makedeps.sh new file mode 100755 index 0000000..3fd3c8c --- /dev/null +++ b/makedeps.sh @@ -0,0 +1,23 @@ +#!/bin/sh +EXT=unit + +if [ $# -lt 2 ]; then + echo usage $0 version commit + exit 0 +fi +if [ -f $EXT-$1-$2.tar.gz ]; then + echo "+ Unpack" + tar xf $EXT-$1-$2.tar.gz + + pushd $EXT-$2* + echo "+ Fetch" + pushd src/otel + cargo vendor ../../mycargo + popd + + echo "+ Pack" + tar czf ../$EXT-deps-$1.tgz mycargo + popd +else + echo $EXT-$1-$2.tar.gz missing +fi diff --git a/unit-debug.service b/unit-debug.service new file mode 100644 index 0000000..12ec3db --- /dev/null +++ b/unit-debug.service @@ -0,0 +1,26 @@ +# Modifying this file in-place is not recommended, because changes +# will be overwritten during package upgrades. To customize the +# behaviour, run "systemctl edit unit-debug" to create an override unit. + +# For example, to change options given to the unitd binary at startup, +# create an override unit (as is done by systemctl edit) and enter +# the following: + +# [Service] +# Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /var/run/unit/unit.pid" + +[Unit] +Description=NGINX Unit +Wants=network-online.target +After=network-online.target + +[Service] +Type=simple +Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid" +ExecStart=/usr/sbin/unitd-debug $UNITD_OPTIONS --no-daemon +ExecReload= +RuntimeDirectory=unit +RuntimeDirectoryMode=0755 + +[Install] +WantedBy=multi-user.target diff --git a/unit-github639.patch b/unit-github639.patch deleted file mode 100644 index a06e79c..0000000 --- a/unit-github639.patch +++ /dev/null @@ -1,55 +0,0 @@ -# HG changeset patch -# User Zhidao HONG <z.hong@f5.com> -# Date 1645410293 -28800 -# Mon Feb 21 10:24:53 2022 +0800 -# Node ID 5419d81ccd877b80249bfee71e37b122a68eda6d -# Parent 00faecc2c4b6ad1bddb5b4d083e415851e9f93b1 -Improved realloc() wrapper. - -This closes #639 issue on Github. - -diff -r 00faecc2c4b6 -r 5419d81ccd87 src/nxt_malloc.c ---- a/src/nxt_malloc.c Tue Feb 15 21:43:02 2022 +0000 -+++ b/src/nxt_malloc.c Mon Feb 21 10:24:53 2022 +0800 -@@ -61,6 +61,33 @@ nxt_zalloc(size_t size) - } - - -+#if (NXT_DEBUG) -+ -+void * -+nxt_realloc(void *p, size_t size) -+{ -+ void *n; -+ uintptr_t ptr; -+ -+ ptr = (uintptr_t) p; -+ -+ n = realloc(p, size); -+ -+ if (nxt_fast_path(n != NULL)) { -+ nxt_log_debug(nxt_malloc_log(), "realloc(%p, %uz): %p", ptr, size, n); -+ -+ } else { -+ nxt_log_alert_moderate(&nxt_malloc_log_moderation, nxt_malloc_log(), -+ "realloc(%p, %uz) failed %E", -+ ptr, size, nxt_errno); -+ } -+ -+ return n; -+} -+ -+ -+#else -+ - void * - nxt_realloc(void *p, size_t size) - { -@@ -80,6 +107,8 @@ nxt_realloc(void *p, size_t size) - return n; - } - -+#endif /* NXT_DEBUG */ -+ - - /* nxt_lvlhsh_* functions moved here to avoid references from nxt_lvlhsh.c. */ diff --git a/unit-openssl3.patch b/unit-openssl3.patch deleted file mode 100644 index 38f2587..0000000 --- a/unit-openssl3.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 988aa2115ec67111e8a124d4d6c0abccb63db05f Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@remirepo.net> -Date: Thu, 18 Nov 2021 17:47:39 +0100 -Subject: [PATCH 1/2] use ERR_get_error_all with openssl 3 - ---- - src/nxt_openssl.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c -index 1e08015e..22242538 100644 ---- a/src/nxt_openssl.c -+++ b/src/nxt_openssl.c -@@ -14,7 +14,6 @@ - #include <openssl/bio.h> - #include <openssl/evp.h> - -- - typedef struct { - SSL *session; - nxt_conn_t *conn; -@@ -1781,7 +1780,11 @@ nxt_openssl_copy_error(u_char *p, u_char *end) - clear = 0; - - for ( ;; ) { -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+ err = ERR_get_error_all(NULL, NULL, NULL, &data, &flags); -+#else - err = ERR_get_error_line_data(NULL, NULL, &data, &flags); -+#endif - if (err == 0) { - break; - } - -From 22ad9572ccb3b5f0d49219290e1f92911836cb8d Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@remirepo.net> -Date: Thu, 18 Nov 2021 17:48:19 +0100 -Subject: [PATCH 2/2] temporarily ignore openssl 3 deprecations - ---- - src/nxt_openssl.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c -index 22242538..606cdadf 100644 ---- a/src/nxt_openssl.c -+++ b/src/nxt_openssl.c -@@ -14,6 +14,11 @@ - #include <openssl/bio.h> - #include <openssl/evp.h> - -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+/* TODO removed when SSL_CTX_set_tlsext_ticket_key_cb updated to SSL_CTX_set_tlsext_ticket_key_evp_cb */ -+# pragma GCC diagnostic ignored "-Wdeprecated-declarations" -+#endif -+ - typedef struct { - SSL *session; - nxt_conn_t *conn; diff --git a/unit-syspol.patch b/unit-syspol.patch deleted file mode 100644 index 1ab0ddf..0000000 --- a/unit-syspol.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up ./src/nxt_openssl.c.syspol ./src/nxt_openssl.c ---- ./src/nxt_openssl.c.syspol 2021-08-19 16:52:54.000000000 +0200 -+++ ./src/nxt_openssl.c 2021-08-24 07:43:45.844605992 +0200 -@@ -278,7 +278,7 @@ nxt_openssl_server_init(nxt_task_t *task - nxt_tls_init_t *tls_init, nxt_bool_t last) - { - SSL_CTX *ctx; -- const char *ciphers, *ca_certificate; -+ const char *ca_certificate; - nxt_tls_conf_t *conf; - STACK_OF(X509_NAME) *list; - nxt_tls_bundle_conf_t *bundle; -@@ -339,13 +339,13 @@ nxt_openssl_server_init(nxt_task_t *task - } - */ - -- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; -- -- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { -- nxt_openssl_log_error(task, NXT_LOG_ALERT, -+ if (conf->ciphers) { /* else use system crypto policy */ -+ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { -+ nxt_openssl_log_error(task, NXT_LOG_ALERT, - "SSL_CTX_set_cipher_list(\"%s\") failed", -- ciphers); -- goto fail; -+ conf->ciphers); -+ goto fail; -+ } - } - - #if (NXT_HAVE_OPENSSL_CONF_CMD) diff --git a/unit.init b/unit.init deleted file mode 100644 index e1aacd8..0000000 --- a/unit.init +++ /dev/null @@ -1,88 +0,0 @@ -#!/bin/sh -# -# unitd NGINX Unit -# -# chkconfig: - 86 14 -# description: NGINX Unit - -### BEGIN INIT INFO -# Provides: unitd -# Required-Start: $local_fs $network $named $syslog -# Required-Stop: $local_fs $network $named $syslog -# Default-Start: -# Default-Stop: 0 1 2 3 4 5 6 -# Short-Description: NGINX Unit -# Description: NGINX Unit -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -exec="/usr/sbin/unitd" -prog="unitd" - -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -lockfile=/var/lock/subsys/$prog - -start() { - [ -x $exec ] || exit 5 - echo -n $"Starting $prog: " - daemon $exec $UNITD_OPTIONS - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - killproc $prog - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -rh_status() { - status $prog -} - -rh_status_q() { - rh_status &>/dev/null -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload|force-reload) - echo "Not implemented." >&2 - exit 1 - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}" - exit 2 -esac -exit $? @@ -1,53 +1,78 @@ # remirepo/fedora spec file for unit-php # -# Copyright (c) 2019-2021 Remi Collet -# License: CC-BY-SA -# http://creativecommons.org/licenses/by-sa/4.0/ +# SPDX-FileCopyrightText: Copyright 2019-2025 Remi Collet +# SPDX-License-Identifier: CECILL-2.1 +# http://www.cecill.info/licences/Licence_CeCILL_V2-en.txt # # Please, preserve the changelog entries # +# TODO otel support (--otel, requires rust/cargo...) + %bcond_without tests +# require ONLINE build for sources download +%bcond_with wasm +# need vendored rust libraries +%bcond_without otel +%if 0%{?fedora} || 0%{?rhel} >= 9 +# RPM 4.19 feature +%bcond_without sysusers +%else +%bcond_with sysusers +%endif %global gh_owner nginx %global project unit -%global gh_commit 3d1fa29f1d03e392df534b6589d3e1d2ed883671 +%global gh_commit 8ab74a8cc929272eb8683d3f6ab4cb406465fd34 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) Name: unit Summary: NGINX Unit application server -Version: 1.27.0 +Version: 1.34.2 Release: 1%{?dist} -License: ASL 2.0 +# unit is Apache-2.0 +# rust libraries are Apache-2.0 or MIT +License: Apache-2.0 AND MIT URL: https://unit.nginx.org/ Source0: https://github.com/%{gh_owner}/%{project}/archive/%{gh_commit}/%{project}-%{version}-%{gh_short}.tar.gz Source1: unit.service -Source2: unit.init +Source2: unit-debug.service Source3: unit.sysconf Source4: unit.logrotate - -# Use system crypto policy -# https://github.com/nginx/unit/pull/215 -Patch0: %{project}-syspol.patch -# Workaround for OpenSSL 3.0 -# https://github.com/nginx/unit/pull/598 -Patch1: %{project}-openssl3.patch -# Woraroung use-afer-free -# https://github.com/nginx/unit/issues/639 -Patch2: %{project}-github639.patch +# awfull hack, use a bundled rust registry +Source5: makedeps.sh +Source6: %{project}-deps-%{version}.tgz +Source7: unit.sysusers BuildRequires: make BuildRequires: gcc BuildRequires: openssl-devel BuildRequires: pcre2-devel +# command tool only to pull library dependencies +BuildRequires: njs +BuildRequires: libnjs-devel >= 0.8.3 BuildRequires: systemd +%if %{with otel} +BuildRequires: cargo >= 1.73 +BuildRequires: rust >= 1.73 +%endif +%if %{with wasm} +BuildRequires: clang +BuildRequires: llvm +%endif +BuildRequires: systemd-rpm-macros -%{?systemd_requires} +%{?systemd_ordering} +%if %{with sysusers} +%{?sysusers_requires_compat} +%else Requires(pre): /usr/sbin/useradd +%endif Requires: logrotate Provides: nginx-unit = %{version}-%{release} +Provides: unit-r%{version} %description @@ -68,12 +93,42 @@ Library and include files required for NGINX Unit modules development. %prep +%if %{without otel} %setup -qn %{project}-%{gh_commit} -%patch0 -p1 -b .syspol -%patch1 -p1 -b .openssl3 -%patch2 -p1 -b .gcc12 - -cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config +%else +%setup -qn %{project}-%{gh_commit} -a6 + +: Create cargo configuration to use vendor directory +mkdir .cargo +cat << EOF | tee .cargo/config.toml +[build] +jobs = %(echo %{?_smp_mflags} | sed 's/\-j//') +rustc = "%{_bindir}/rustc" + +[env] +CFLAGS = "%{build_cflags}" +CXXFLAGS = "%{build_cxxflags}" +LDFLAGS = "%{build_ldflags}" + +[term] +verbose = true + +[source.crates-io] +replace-with = "vendored-sources" + +[source.vendored-sources] +directory = "$PWD/mycargo" +EOF + +: Bundled libraries Licenses +for i in $(cd mycargo; ls */LICEN*) +do + cp mycargo/$i $(dirname $i)-$(basename $i .md) +done + +: Required rust version +grep -h rust-version mycargo/*/Cargo.toml src/otel/Cargo.toml | sort -u | tail -n 8 +%endif %build @@ -83,37 +138,51 @@ cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config unitconf() { ./configure \ --libdir=%{_libdir} \ + --sbindir=%{_sbindir} \ --prefix=%{_prefix} \ - --state=%{_sharedstatedir}/unit \ + --statedir=%{_sharedstatedir}/unit \ --control="unix:/run/unit/control.sock" \ --pid=/run/unit/unit.pid \ + --runstatedir=/var/run \ --log=/var/log/unit/unit.log \ - --tmp=/var/tmp \ + --logdir=/var/log \ + --tmpdir=/var/tmp \ --user=unit \ --group=unit \ --openssl \ --cc-opt="%{optflags}" \ --tests \ + --njs \ +%if %{with otel} + --otel \ +%endif $* } unitconf \ - --modules=%{_libdir}/unit/debug-modules \ + --modulesdir=%{_libdir}/unit/debug-modules \ --debug -make %{?_smp_mflags} -make %{?_smp_mflags} build/libunit.a +make %{?_smp_mflags} E=0 V=1 +make %{?_smp_mflags} build/lib/libunit.a E=0 V=1 mv build build-debug +%if %{with wasm} +make %{?_smp_mflags} -C pkg/contrib .libunit-wasm E=0 V=1 +%endif + unitconf \ - --modules=%{_libdir}/unit/modules -make %{?_smp_mflags} + --modulesdir=%{_libdir}/unit/modules +make %{?_smp_mflags} E=0 V=1 %install -DESTDIR=%{buildroot} make unitd-install libunit-install manpage-install +DESTDIR=%{buildroot} make unitd-install libunit-install manpage-install E=0 V=1 + +install -m755 -D tools/unitc %{buildroot}%{_bindir}/unitc +install -m755 -D tools/setup-unit %{buildroot}%{_bindir}/setup-unit -install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug -install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a +install -m755 build-debug/sbin/unitd %{buildroot}%{_sbindir}/unitd-debug +install -m644 build-debug/lib/libunit.a %{buildroot}%{_libdir}/libunit-debug.a mkdir -p %{buildroot}%{_sysconfdir}/%{name} mkdir -p %{buildroot}%{_libdir}/%{name}/modules @@ -126,21 +195,38 @@ install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # init scripts install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +install -p -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}-debug.service mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d +# relocate when sbindir is /usr/bin +sed -e 's:/usr/sbin:%{_sbindir}:' -i %{buildroot}%{_unitdir}/*.service + +%if %{with wasm} +mkdir -p %{buildroot}%{_includedir}/unit/ +install -m 644 pkg/contrib/libunit-wasm/src/c/libunit-wasm.a %{buildroot}%{_libdir}/ +install -m 644 pkg/contrib/libunit-wasm/src/c/include/unit/unit-wasm.h %{buildroot}%{_includedir}/unit/ +%endif + +%if %{with sysusers} +install -p -D -m 0644 %{SOURCE7} %{buildroot}%{_sysusersdir}/unit.conf +%endif %check %if %{with tests} -make tests %{?_smp_mflags} +make tests %{?_smp_mflags} E=0 V=1 ./build/tests %endif %pre +%if %{with sysusers} +%sysusers_create_compat %{SOURCE7} +%else getent group unit >/dev/null || groupadd -r unit getent passwd unit >/dev/null || \ useradd -r -g unit -s /sbin/nologin \ - -d /nonexistent -c "unit user" unit + -d /nonexistent -c "NGINX Unit user" unit +%endif %post %systemd_post %{name}.service @@ -168,10 +254,10 @@ More info: https://unit.nginx.org/installation/#official-packages BANNER %files -%{!?_licensedir:%global license %%doc} -%license LICENSE +%license *LICENSE* %doc NOTICE CHANGES *.md -%doc example.config +%attr(0755,root,root) %{_bindir}/unitc +%attr(0755,root,root) %{_bindir}/setup-unit %attr(0755,root,root) %{_sbindir}/unitd %attr(0755,root,root) %{_sbindir}/unitd-debug %dir %{_sysconfdir}/unit @@ -183,18 +269,85 @@ BANNER %{_mandir}/man8/unitd.8* %dir %{_sysconfdir}/systemd/system/%{name}.service.d -%{_unitdir}/unit.service -%dir %attr(0755,root,root) %ghost /run/unit +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}-debug.service +%dir %attr(0755,root,root) %ghost /run/%{name} +%if %{with sysusers} +%{_sysusersdir}/%{name}.conf +%endif %files devel # API is not stable YET, so keep the static library for now (like upstream packages) %{_libdir}/libunit.a %{_libdir}/libunit-debug.a +%if %{with wasm} +%{_libdir}/libunit-wasm.a +%dir %{_includedir}/unit +%{_includedir}/unit/*.h +%endif %{_includedir}/nxt_*.h +%{_datadir}/pkgconfig/unit.pc %changelog +* Tue Mar 4 2025 Remi Collet <remi@remirepo.net> - 1.34.2-1 +- update to 1.34.2 + +* Sat Feb 15 2025 Remi Collet <remi@remirepo.net> - 1.34.1-3 +- add a sysusers.d file (Fedora and EL >= 9) + +* Fri Feb 14 2025 Remi Collet <remi@remirepo.net> - 1.34.1-2 +- F42: workaround /usr/sbin merged in /usr/bin +- add unit-debug service + +* Mon Jan 13 2025 Remi Collet <remi@remirepo.net> - 1.34.1-1 +- update to 1.34.1 + +* Thu Dec 19 2024 Remi Collet <remi@remirepo.net> - 1.34.0-2 +- re-license spec file to CECILL-2.1 +- enable otel support +- fix build of tests with otel using patch from + https://github.com/nginx/unit/pull/1521 + +* Thu Dec 19 2024 Remi Collet <remi@remirepo.net> - 1.34.0-1 +- update to 1.34.0 + +* Wed Sep 18 2024 Remi Collet <remi@remirepo.net> - 1.33.0-1 +- update to 1.33.0 using njs 0.8.5 + +* Tue Mar 26 2024 Remi Collet <remi@remirepo.net> - 1.32.1-1 +- update to 1.32.1 + +* Tue Feb 27 2024 Remi Collet <remi@remirepo.net> - 1.32.0-1 +- update to 1.32.0 using njs 0.8.2 + +* Wed Dec 20 2023 Remi Collet <remi@remirepo.net> - 1.31.1-3 +- enable NGINX JavaScript (njs) configuration extension + +* Mon Nov 6 2023 Remi Collet <remi@remirepo.net> - 1.31.1-2 +- weak dependencies on systemd + +* Thu Oct 19 2023 Remi Collet <remi@remirepo.net> - 1.31.1-1 +- update to 1.31.1 + +* Thu Aug 31 2023 Remi Collet <remi@remirepo.net> - 1.31.0-1 +- update to 1.31.0 + +* Thu May 11 2023 Remi Collet <remi@remirepo.net> - 1.30.0-1 +- update to 1.30.0 +- add unitc and setup-unit commands + +* Wed Mar 1 2023 Remi Collet <remi@remirepo.net> - 1.29.1-1 +- update to 1.29.1 + +* Thu Dec 15 2022 Remi Collet <remi@remirepo.net> - 1.29.0-1 +- update to 1.29.0 +- drop patches merged upstream + +* Tue Sep 13 2022 Remi Collet <remi@remirepo.net> - 1.28.0-1 +- update to 1.28.0 + * Thu Jun 2 2022 Remi Collet <remi@remirepo.net> - 1.27.0-1 - update to 1.27.0 diff --git a/unit.sysusers b/unit.sysusers new file mode 100644 index 0000000..66c23d1 --- /dev/null +++ b/unit.sysusers @@ -0,0 +1 @@ +u unit - "NGINX Unit user" /dev/null /sbin/nologin |