summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--215.patch42
-rwxr-xr-xmakedeps.sh23
-rw-r--r--unit-debug.service26
-rw-r--r--unit.init88
-rw-r--r--unit.spec356
-rw-r--r--unit.sysusers1
6 files changed, 331 insertions, 205 deletions
diff --git a/215.patch b/215.patch
deleted file mode 100644
index d98ecb3..0000000
--- a/215.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 16 Jan 2019 08:38:53 +0100
-Subject: [PATCH] prefer system crypto policy
-
----
- src/nxt_openssl.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
-index 99dd207..6d9df48 100644
---- a/src/nxt_openssl.c
-+++ b/src/nxt_openssl.c
-@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
- {
- SSL_CTX *ctx;
- nxt_fd_t fd;
-- const char *ciphers, *ca_certificate;
-+ const char *ca_certificate;
- STACK_OF(X509_NAME) *list;
-
- ctx = SSL_CTX_new(SSLv23_server_method());
-@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
- goto fail;
- }
- */
-- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
--
-- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
-- nxt_openssl_log_error(task, NXT_LOG_ALERT,
-+ if (conf->ciphers) { /* else use system crypto policy */
-+ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
-+ nxt_openssl_log_error(task, NXT_LOG_ALERT,
- "SSL_CTX_set_cipher_list(\"%s\") failed",
-- ciphers);
-- goto fail;
-+ conf->ciphers);
-+ goto fail;
-+ }
- }
-
- SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
diff --git a/makedeps.sh b/makedeps.sh
new file mode 100755
index 0000000..3fd3c8c
--- /dev/null
+++ b/makedeps.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+EXT=unit
+
+if [ $# -lt 2 ]; then
+ echo usage $0 version commit
+ exit 0
+fi
+if [ -f $EXT-$1-$2.tar.gz ]; then
+ echo "+ Unpack"
+ tar xf $EXT-$1-$2.tar.gz
+
+ pushd $EXT-$2*
+ echo "+ Fetch"
+ pushd src/otel
+ cargo vendor ../../mycargo
+ popd
+
+ echo "+ Pack"
+ tar czf ../$EXT-deps-$1.tgz mycargo
+ popd
+else
+ echo $EXT-$1-$2.tar.gz missing
+fi
diff --git a/unit-debug.service b/unit-debug.service
new file mode 100644
index 0000000..12ec3db
--- /dev/null
+++ b/unit-debug.service
@@ -0,0 +1,26 @@
+# Modifying this file in-place is not recommended, because changes
+# will be overwritten during package upgrades. To customize the
+# behaviour, run "systemctl edit unit-debug" to create an override unit.
+
+# For example, to change options given to the unitd binary at startup,
+# create an override unit (as is done by systemctl edit) and enter
+# the following:
+
+# [Service]
+# Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /var/run/unit/unit.pid"
+
+[Unit]
+Description=NGINX Unit
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid"
+ExecStart=/usr/sbin/unitd-debug $UNITD_OPTIONS --no-daemon
+ExecReload=
+RuntimeDirectory=unit
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
diff --git a/unit.init b/unit.init
deleted file mode 100644
index e1aacd8..0000000
--- a/unit.init
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/bin/sh
-#
-# unitd NGINX Unit
-#
-# chkconfig: - 86 14
-# description: NGINX Unit
-
-### BEGIN INIT INFO
-# Provides: unitd
-# Required-Start: $local_fs $network $named $syslog
-# Required-Stop: $local_fs $network $named $syslog
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: NGINX Unit
-# Description: NGINX Unit
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-exec="/usr/sbin/unitd"
-prog="unitd"
-
-[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
-
-lockfile=/var/lock/subsys/$prog
-
-start() {
- [ -x $exec ] || exit 5
- echo -n $"Starting $prog: "
- daemon $exec $UNITD_OPTIONS
- retval=$?
- echo
- [ $retval -eq 0 ] && touch $lockfile
- return $retval
-}
-
-stop() {
- echo -n $"Stopping $prog: "
- killproc $prog
- retval=$?
- echo
- [ $retval -eq 0 ] && rm -f $lockfile
- return $retval
-}
-
-restart() {
- stop
- start
-}
-
-rh_status() {
- status $prog
-}
-
-rh_status_q() {
- rh_status &>/dev/null
-}
-
-
-case "$1" in
- start)
- rh_status_q && exit 0
- $1
- ;;
- stop)
- rh_status_q || exit 0
- $1
- ;;
- restart)
- $1
- ;;
- reload|force-reload)
- echo "Not implemented." >&2
- exit 1
- ;;
- status)
- rh_status
- ;;
- condrestart|try-restart)
- rh_status_q || exit 0
- restart
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
- exit 2
-esac
-exit $?
diff --git a/unit.spec b/unit.spec
index 65f7636..a0ab603 100644
--- a/unit.spec
+++ b/unit.spec
@@ -1,53 +1,78 @@
# remirepo/fedora spec file for unit-php
#
-# Copyright (c) 2019-2020 Remi Collet
-# License: CC-BY-SA
-# http://creativecommons.org/licenses/by-sa/4.0/
+# SPDX-FileCopyrightText: Copyright 2019-2025 Remi Collet
+# SPDX-License-Identifier: CECILL-2.1
+# http://www.cecill.info/licences/Licence_CeCILL_V2-en.txt
#
# Please, preserve the changelog entries
#
+# TODO otel support (--otel, requires rust/cargo...)
+
+%bcond_without tests
+# require ONLINE build for sources download
+%bcond_with wasm
+# need vendored rust libraries
+%bcond_without otel
+%if 0%{?fedora} || 0%{?rhel} >= 9
+# RPM 4.19 feature
+%bcond_without sysusers
+%else
+%bcond_with sysusers
+%endif
+
%global gh_owner nginx
%global project unit
-%global gh_commit 4d62989f5c2329bb4a6174e4b7fb4ab6d8d9ec9f
+%global gh_commit 8ab74a8cc929272eb8683d3f6ab4cb406465fd34
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
-# distribution specific definitions
-%global use_systemd (0%{?rhel} >= 7 || 0%{?fedora} >= 19)
-%global with_tests 0%{!?_without_tests:1}
-
Name: unit
Summary: NGINX Unit application server
-Version: 1.17.0
+Version: 1.34.2
Release: 1%{?dist}
-License: ASL 2.0
+# unit is Apache-2.0
+# rust libraries are Apache-2.0 or MIT
+License: Apache-2.0 AND MIT
URL: https://unit.nginx.org/
Source0: https://github.com/%{gh_owner}/%{project}/archive/%{gh_commit}/%{project}-%{version}-%{gh_short}.tar.gz
Source1: unit.service
-Source2: unit.init
+Source2: unit-debug.service
Source3: unit.sysconf
Source4: unit.logrotate
+# awfull hack, use a bundled rust registry
+Source5: makedeps.sh
+Source6: %{project}-deps-%{version}.tgz
+Source7: unit.sysusers
-# Use system crypto policy
-Patch0: https://github.com/nginx/unit/pull/215.patch
-
+BuildRequires: make
BuildRequires: gcc
BuildRequires: openssl-devel
-%if %{use_systemd}
+BuildRequires: pcre2-devel
+# command tool only to pull library dependencies
+BuildRequires: njs
+BuildRequires: libnjs-devel >= 0.8.3
BuildRequires: systemd
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
+%if %{with otel}
+BuildRequires: cargo >= 1.73
+BuildRequires: rust >= 1.73
+%endif
+%if %{with wasm}
+BuildRequires: clang
+BuildRequires: llvm
+%endif
+BuildRequires: systemd-rpm-macros
+
+%{?systemd_ordering}
+%if %{with sysusers}
+%{?sysusers_requires_compat}
%else
-Requires(post): chkconfig
-Requires(preun): chkconfig
-Requires(preun): initscripts
-Requires(postun): initscripts
+Requires(pre): /usr/sbin/useradd
%endif
Requires: logrotate
Provides: nginx-unit = %{version}-%{release}
+Provides: unit-r%{version}
%description
@@ -68,50 +93,96 @@ Library and include files required for NGINX Unit modules development.
%prep
+%if %{without otel}
%setup -qn %{project}-%{gh_commit}
-%patch0 -p1 -b .syspol
-
-cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config
+%else
+%setup -qn %{project}-%{gh_commit} -a6
+
+: Create cargo configuration to use vendor directory
+mkdir .cargo
+cat << EOF | tee .cargo/config.toml
+[build]
+jobs = %(echo %{?_smp_mflags} | sed 's/\-j//')
+rustc = "%{_bindir}/rustc"
+
+[env]
+CFLAGS = "%{build_cflags}"
+CXXFLAGS = "%{build_cxxflags}"
+LDFLAGS = "%{build_ldflags}"
+
+[term]
+verbose = true
+
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "$PWD/mycargo"
+EOF
+
+: Bundled libraries Licenses
+for i in $(cd mycargo; ls */LICEN*)
+do
+ cp mycargo/$i $(dirname $i)-$(basename $i .md)
+done
+
+: Required rust version
+grep -h rust-version mycargo/*/Cargo.toml src/otel/Cargo.toml | sort -u | tail -n 8
+%endif
%build
+# see https://github.com/nginx/unit/issues/467
+%define _lto_cflags %{nil}
+
unitconf() {
./configure \
--libdir=%{_libdir} \
+ --sbindir=%{_sbindir} \
--prefix=%{_prefix} \
- --state=%{_sharedstatedir}/unit \
-%if %{use_systemd}
+ --statedir=%{_sharedstatedir}/unit \
--control="unix:/run/unit/control.sock" \
--pid=/run/unit/unit.pid \
-%else
- --control="unix:/var/run/unit/control.sock" \
- --pid=/var/run/unit/unit.pid \
-%endif
+ --runstatedir=/var/run \
--log=/var/log/unit/unit.log \
- --tmp=/var/tmp \
+ --logdir=/var/log \
+ --tmpdir=/var/tmp \
+ --user=unit \
+ --group=unit \
--openssl \
--cc-opt="%{optflags}" \
--tests \
+ --njs \
+%if %{with otel}
+ --otel \
+%endif
$*
}
unitconf \
- --modules=%{_libdir}/unit/debug-modules \
+ --modulesdir=%{_libdir}/unit/debug-modules \
--debug
-make %{?_smp_mflags}
-make %{?_smp_mflags} build/libunit.a
+make %{?_smp_mflags} E=0 V=1
+make %{?_smp_mflags} build/lib/libunit.a E=0 V=1
mv build build-debug
+%if %{with wasm}
+make %{?_smp_mflags} -C pkg/contrib .libunit-wasm E=0 V=1
+%endif
+
unitconf \
- --modules=%{_libdir}/unit/modules
-make %{?_smp_mflags}
+ --modulesdir=%{_libdir}/unit/modules
+make %{?_smp_mflags} E=0 V=1
%install
-DESTDIR=%{buildroot} make unitd-install libunit-install
+DESTDIR=%{buildroot} make unitd-install libunit-install manpage-install E=0 V=1
+
+install -m755 -D tools/unitc %{buildroot}%{_bindir}/unitc
+install -m755 -D tools/setup-unit %{buildroot}%{_bindir}/setup-unit
-install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug
-install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a
+install -m755 build-debug/sbin/unitd %{buildroot}%{_sbindir}/unitd-debug
+install -m644 build-debug/lib/libunit.a %{buildroot}%{_libdir}/libunit-debug.a
mkdir -p %{buildroot}%{_sysconfdir}/%{name}
mkdir -p %{buildroot}%{_libdir}/%{name}/modules
@@ -123,55 +194,70 @@ mkdir -p %{buildroot}%{_localstatedir}/run/%{name}
install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
# init scripts
-%if %{use_systemd}
install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+install -p -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}-debug.service
mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d
+# relocate when sbindir is /usr/bin
+sed -e 's:/usr/sbin:%{_sbindir}:' -i %{buildroot}%{_unitdir}/*.service
-%else
-install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/unitd
-install -p -D -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/%{name}
+%if %{with wasm}
+mkdir -p %{buildroot}%{_includedir}/unit/
+install -m 644 pkg/contrib/libunit-wasm/src/c/libunit-wasm.a %{buildroot}%{_libdir}/
+install -m 644 pkg/contrib/libunit-wasm/src/c/include/unit/unit-wasm.h %{buildroot}%{_includedir}/unit/
+%endif
+
+%if %{with sysusers}
+install -p -D -m 0644 %{SOURCE7} %{buildroot}%{_sysusersdir}/unit.conf
%endif
%check
-%if %{with_tests}
-make tests %{?_smp_mflags}
+%if %{with tests}
+make tests %{?_smp_mflags} E=0 V=1
./build/tests
%endif
-%post
-%if %{use_systemd}
-%systemd_post %{name}.service
+%pre
+%if %{with sysusers}
+%sysusers_create_compat %{SOURCE7}
%else
-/sbin/chkconfig --add unit
+getent group unit >/dev/null || groupadd -r unit
+getent passwd unit >/dev/null || \
+ useradd -r -g unit -s /sbin/nologin \
+ -d /nonexistent -c "NGINX Unit user" unit
%endif
+%post
+%systemd_post %{name}.service
+
%preun
-%if %{use_systemd}
%systemd_preun %{name}.service
-%else
-if [ $1 -eq 0 ]; then
- /sbin/service unit stop >/dev/null 2>&1
- /sbin/chkconfig --del unit
-fi
-%endif
%postun
-%if %{use_systemd}
%systemd_postun_with_restart %{name}.service
-%else
-if [ $1 -ge 1 ]; then
- /sbin/service unit condrestart >/dev/null 2>&1 ||:
-fi
-%endif
+%triggerpostun -- unit < 1.22.0
+cat <<BANNER
+----------------------------------------------------------------------
+
+WARNING:
+
+Since version 1.22.0, Unit's non-privileged processes run as unit:unit by
+default. Review your system permissions and Unit configuration so apps and
+routes that relied on these processes running as nobody:nogroup stay working.
+
+More info: https://unit.nginx.org/installation/#official-packages
+
+----------------------------------------------------------------------
+BANNER
+
%files
-%{!?_licensedir:%global license %%doc}
-%license LICENSE
-%doc NOTICE README CHANGES
-%doc example.config
+%license *LICENSE*
+%doc NOTICE CHANGES *.md
+%attr(0755,root,root) %{_bindir}/unitc
+%attr(0755,root,root) %{_bindir}/setup-unit
%attr(0755,root,root) %{_sbindir}/unitd
%attr(0755,root,root) %{_sbindir}/unitd-debug
%dir %{_sysconfdir}/unit
@@ -180,26 +266,146 @@ fi
%dir %{_sharedstatedir}/unit
%dir %attr(0700,root,root) %{_localstatedir}/log/unit
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%{_mandir}/man8/unitd.8*
-%if %{use_systemd}
%dir %{_sysconfdir}/systemd/system/%{name}.service.d
-%{_unitdir}/unit.service
-%dir %attr(0755,root,root) %ghost /run/unit
-
-%else
-%config(noreplace) %{_sysconfdir}/sysconfig/unitd
-%dir %attr(0755,root,root) %{_localstatedir}/run/unit
-%{_initrddir}/unit
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}-debug.service
+%dir %attr(0755,root,root) %ghost /run/%{name}
+%if %{with sysusers}
+%{_sysusersdir}/%{name}.conf
%endif
+
%files devel
# API is not stable YET, so keep the static library for now (like upstream packages)
%{_libdir}/libunit.a
%{_libdir}/libunit-debug.a
+%if %{with wasm}
+%{_libdir}/libunit-wasm.a
+%dir %{_includedir}/unit
+%{_includedir}/unit/*.h
+%endif
%{_includedir}/nxt_*.h
+%{_datadir}/pkgconfig/unit.pc
%changelog
+* Tue Mar 4 2025 Remi Collet <remi@remirepo.net> - 1.34.2-1
+- update to 1.34.2
+
+* Sat Feb 15 2025 Remi Collet <remi@remirepo.net> - 1.34.1-3
+- add a sysusers.d file (Fedora and EL >= 9)
+
+* Fri Feb 14 2025 Remi Collet <remi@remirepo.net> - 1.34.1-2
+- F42: workaround /usr/sbin merged in /usr/bin
+- add unit-debug service
+
+* Mon Jan 13 2025 Remi Collet <remi@remirepo.net> - 1.34.1-1
+- update to 1.34.1
+
+* Thu Dec 19 2024 Remi Collet <remi@remirepo.net> - 1.34.0-2
+- re-license spec file to CECILL-2.1
+- enable otel support
+- fix build of tests with otel using patch from
+ https://github.com/nginx/unit/pull/1521
+
+* Thu Dec 19 2024 Remi Collet <remi@remirepo.net> - 1.34.0-1
+- update to 1.34.0
+
+* Wed Sep 18 2024 Remi Collet <remi@remirepo.net> - 1.33.0-1
+- update to 1.33.0 using njs 0.8.5
+
+* Tue Mar 26 2024 Remi Collet <remi@remirepo.net> - 1.32.1-1
+- update to 1.32.1
+
+* Tue Feb 27 2024 Remi Collet <remi@remirepo.net> - 1.32.0-1
+- update to 1.32.0 using njs 0.8.2
+
+* Wed Dec 20 2023 Remi Collet <remi@remirepo.net> - 1.31.1-3
+- enable NGINX JavaScript (njs) configuration extension
+
+* Mon Nov 6 2023 Remi Collet <remi@remirepo.net> - 1.31.1-2
+- weak dependencies on systemd
+
+* Thu Oct 19 2023 Remi Collet <remi@remirepo.net> - 1.31.1-1
+- update to 1.31.1
+
+* Thu Aug 31 2023 Remi Collet <remi@remirepo.net> - 1.31.0-1
+- update to 1.31.0
+
+* Thu May 11 2023 Remi Collet <remi@remirepo.net> - 1.30.0-1
+- update to 1.30.0
+- add unitc and setup-unit commands
+
+* Wed Mar 1 2023 Remi Collet <remi@remirepo.net> - 1.29.1-1
+- update to 1.29.1
+
+* Thu Dec 15 2022 Remi Collet <remi@remirepo.net> - 1.29.0-1
+- update to 1.29.0
+- drop patches merged upstream
+
+* Tue Sep 13 2022 Remi Collet <remi@remirepo.net> - 1.28.0-1
+- update to 1.28.0
+
+* Thu Jun 2 2022 Remi Collet <remi@remirepo.net> - 1.27.0-1
+- update to 1.27.0
+
+* Mon Feb 21 2022 Remi Collet <remi@remirepo.net> - 1.26.1-3
+- test build for upstream patch
+
+* Fri Feb 11 2022 Remi Collet <remi@remirepo.net> - 1.26.1-2
+- fix build error with GCC 12 using workaround to
+ https://github.com/nginx/unit/issues/639
+
+* Thu Dec 2 2021 Remi Collet <remi@remirepo.net> - 1.26.1-1
+- update to 1.26.1
+
+* Mon Nov 22 2021 Remi Collet <remi@remirepo.net> - 1.26.0-3
+- add patch proposal for https://github.com/nginx/unit/issues/600
+
+* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-2
+- add better workaround for OpenSSL 3.0 from
+ https://github.com/nginx/unit/pull/598
+
+* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-1
+- update to 1.26.0
+
+* Sat Nov 6 2021 Remi Collet <remi@remirepo.net> - 1.25.0-3
+- EL-9 build
+
+* Fri Sep 3 2021 Remi Collet <remi@remirepo.net> - 1.25.0-2
+- fix build with recent glibc using patch from
+ https://github.com/nginx/unit/pull/576
+
+* Tue Aug 24 2021 Remi Collet <remi@remirepo.net> - 1.25.0-1
+- update to 1.25.0
+
+* Fri May 28 2021 Remi Collet <remi@remirepo.net> - 1.24.0-1
+- update to 1.24.0
+
+* Fri Mar 26 2021 Remi Collet <remi@remirepo.net> - 1.23.0-1
+- update to 1.23.0
+
+* Fri Feb 5 2021 Remi Collet <remi@remirepo.net> - 1.22.0-1
+- update to 1.22.0
+
+* Fri Nov 20 2020 Remi Collet <remi@remirepo.net> - 1.21.0-1
+- update to 1.21.0
+
+* Fri Oct 9 2020 Remi Collet <remi@remirepo.net> - 1.20.0-1
+- update to 1.20.0
+
+* Tue Aug 18 2020 Remi Collet <remi@remirepo.net> - 1.19.0-2
+- F33 build without LTO
+ reported as https://github.com/nginx/unit/issues/467
+
+* Fri Aug 14 2020 Remi Collet <remi@remirepo.net> - 1.19.0-1
+- update to 1.19.0
+
+* Sun May 31 2020 Remi Collet <remi@remirepo.net> - 1.18.0-1
+- update to 1.18.0
+
* Fri Apr 17 2020 Remi Collet <remi@remirepo.net> - 1.17.0-1
- update to 1.17.0
diff --git a/unit.sysusers b/unit.sysusers
new file mode 100644
index 0000000..66c23d1
--- /dev/null
+++ b/unit.sysusers
@@ -0,0 +1 @@
+u unit - "NGINX Unit user" /dev/null /sbin/nologin