-rw-r--r-- | 215.patch | 42 | ||||
-rwxr-xr-x | makedeps.sh | 23 | ||||
-rw-r--r-- | unit-debug.service | 26 | ||||
-rw-r--r-- | unit.init | 88 | ||||
-rw-r--r-- | unit.spec | 356 | ||||
-rw-r--r-- | unit.sysusers | 1 |
6 files changed, 331 insertions, 205 deletions
diff --git a/215.patch b/215.patch
deleted file mode 100644
index d98ecb3..0000000
--- a/215.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 16 Jan 2019 08:38:53 +0100
-Subject: [PATCH] prefer system crypto policy
-
----
- src/nxt_openssl.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
-index 99dd207..6d9df48 100644
---- a/src/nxt_openssl.c
-+++ b/src/nxt_openssl.c
-@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
- {
- SSL_CTX *ctx;
- nxt_fd_t fd;
-- const char *ciphers, *ca_certificate;
-+ const char *ca_certificate;
- STACK_OF(X509_NAME) *list;
-
- ctx = SSL_CTX_new(SSLv23_server_method());
-@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
- goto fail;
- }
- */
-- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
--
-- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
-- nxt_openssl_log_error(task, NXT_LOG_ALERT,
-+ if (conf->ciphers) { /* else use system crypto policy */
-+ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
-+ nxt_openssl_log_error(task, NXT_LOG_ALERT,
- "SSL_CTX_set_cipher_list(\"%s\") failed",
-- ciphers);
-- goto fail;
-+ conf->ciphers);
-+ goto fail;
-+ }
- }
-
- SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
diff --git a/makedeps.sh b/makedeps.sh
new file mode 100755
index 0000000..3fd3c8c
--- /dev/null
+++ b/makedeps.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+EXT=unit
+
+if [ $# -lt 2 ]; then
+ echo usage $0 version commit
+ exit 0
+fi
+if [ -f $EXT-$1-$2.tar.gz ]; then
+ echo "+ Unpack"
+ tar xf $EXT-$1-$2.tar.gz
+
+ pushd $EXT-$2*
+ echo "+ Fetch"
+ pushd src/otel
+ cargo vendor ../../mycargo
+ popd
+
+ echo "+ Pack"
+ tar czf ../$EXT-deps-$1.tgz mycargo
+ popd
+else
+ echo $EXT-$1-$2.tar.gz missing
+fi
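Review bot: In makedeps.sh, `cargo vendor ../../mycargo` runs without `--locked`, so the crate registry packed into the deps tarball (consumed by the spec as Source6) is whatever cargo resolves on the day the script is run; if upstream ships a `Cargo.lock` under src/otel, `cargo vendor --locked ../../mycargo` would pin the bundled crates to the reviewed versions. Nothing checks exit status either, so a failed `pushd` or `cargo vendor` still reaches the `tar czf` step and can produce an incomplete tarball; a `set -e` after the shebang, plus `exit 1` instead of `exit 0` in the usage branch and a non-zero exit in the `missing` branch, would surface failures. `pushd`/`popd` are bash builtins, so the shebang should be `#!/bin/bash` or the calls replaced by `cd` inside a subshell, and `$1`/`$2` should be quoted where they form file names.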
diff --git a/unit-debug.service b/unit-debug.service
new file mode 100644
index 0000000..12ec3db
--- /dev/null
+++ b/unit-debug.service
@@ -0,0 +1,26 @@
+# Modifying this file in-place is not recommended, because changes
+# will be overwritten during package upgrades. To customize the
+# behaviour, run "systemctl edit unit-debug" to create an override unit.
+
+# For example, to change options given to the unitd binary at startup,
+# create an override unit (as is done by systemctl edit) and enter
+# the following:
+
+# [Service]
+# Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /var/run/unit/unit.pid"
+
+[Unit]
+Description=NGINX Unit
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid"
+ExecStart=/usr/sbin/unitd-debug $UNITD_OPTIONS --no-daemon
+ExecReload=
+RuntimeDirectory=unit
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
diff --git a/unit.init b/unit.init
deleted file mode 100644
index e1aacd8..0000000
--- a/unit.init
+++ /dev/null
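Review bot: unit-debug.service sets `RuntimeDirectory=unit` and `--pid /run/unit/unit.pid`, which are presumably the same paths unit.service uses (that file is not in this diff), and nothing prevents both units from being started together. systemd removes a RuntimeDirectory when the owning service stops, so stopping one unit would remove `/run/unit`, including the control socket the spec configures there, from under the other. Adding `Conflicts=unit.service` to the `[Unit]` section would make the two mutually exclusive. The commented override example also still shows `--pid /var/run/unit/unit.pid` while the active `Environment=` line uses `/run/unit/unit.pid`; the example should use the same path.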
@@ -1,88 +0,0 @@
-#!/bin/sh
-#
-# unitd NGINX Unit
-#
-# chkconfig: - 86 14
-# description: NGINX Unit
-
-### BEGIN INIT INFO
-# Provides: unitd
-# Required-Start: $local_fs $network $named $syslog
-# Required-Stop: $local_fs $network $named $syslog
-# Default-Start:
-# Default-Stop: 0 1 2 3 4 5 6
-# Short-Description: NGINX Unit
-# Description: NGINX Unit
-### END INIT INFO
-
-# Source function library.
-. /etc/rc.d/init.d/functions
-
-exec="/usr/sbin/unitd"
-prog="unitd"
-
-[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
-
-lockfile=/var/lock/subsys/$prog
-
-start() {
- [ -x $exec ] || exit 5
- echo -n $"Starting $prog: "
- daemon $exec $UNITD_OPTIONS
- retval=$?
- echo
- [ $retval -eq 0 ] && touch $lockfile
- return $retval
-}
-
-stop() {
- echo -n $"Stopping $prog: "
- killproc $prog
- retval=$?
- echo
- [ $retval -eq 0 ] && rm -f $lockfile
- return $retval
-}
-
-restart() {
- stop
- start
-}
-
-rh_status() {
- status $prog
-}
-
-rh_status_q() {
- rh_status &>/dev/null
-}
-
-
-case "$1" in
- start)
- rh_status_q && exit 0
- $1
- ;;
- stop)
- rh_status_q || exit 0
- $1
- ;;
- restart)
- $1
- ;;
- reload|force-reload)
- echo "Not implemented." >&2
- exit 1
- ;;
- status)
- rh_status
- ;;
- condrestart|try-restart)
- rh_status_q || exit 0
- restart
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
- exit 2
-esac
-exit $?
@@ -1,53 +1,78 @@ # remirepo/fedora spec file for unit-php # -# Copyright (c) 2019-2020 Remi Collet -# License: CC-BY-SA -# http://creativecommons.org/licenses/by-sa/4.0/ +# SPDX-FileCopyrightText: Copyright 2019-2025 Remi Collet +# SPDX-License-Identifier: CECILL-2.1 +# http://www.cecill.info/licences/Licence_CeCILL_V2-en.txt # # Please, preserve the changelog entries # +# TODO otel support (--otel, requires rust/cargo...) + +%bcond_without tests +# require ONLINE build for sources download +%bcond_with wasm +# need vendored rust libraries +%bcond_without otel +%if 0%{?fedora} || 0%{?rhel} >= 9 +# RPM 4.19 feature +%bcond_without sysusers +%else +%bcond_with sysusers +%endif + %global gh_owner nginx %global project unit -%global gh_commit 4d62989f5c2329bb4a6174e4b7fb4ab6d8d9ec9f +%global gh_commit 8ab74a8cc929272eb8683d3f6ab4cb406465fd34 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) -# distribution specific definitions -%global use_systemd (0%{?rhel} >= 7 || 0%{?fedora} >= 19) -%global with_tests 0%{!?_without_tests:1} - Name: unit Summary: NGINX Unit application server -Version: 1.17.0 +Version: 1.34.2 Release: 1%{?dist} -License: ASL 2.0 +# unit is Apache-2.0 +# rust libraries are Apache-2.0 or MIT +License: Apache-2.0 AND MIT URL: https://unit.nginx.org/ Source0: https://github.com/%{gh_owner}/%{project}/archive/%{gh_commit}/%{project}-%{version}-%{gh_short}.tar.gz Source1: unit.service -Source2: unit.init +Source2: unit-debug.service Source3: unit.sysconf Source4: unit.logrotate +# awfull hack, use a bundled rust registry +Source5: makedeps.sh +Source6: %{project}-deps-%{version}.tgz +Source7: unit.sysusers -# Use system crypto policy -Patch0: https://github.com/nginx/unit/pull/215.patch - +BuildRequires: make BuildRequires: gcc BuildRequires: openssl-devel -%if %{use_systemd} +BuildRequires: pcre2-devel +# command tool only to pull library dependencies +BuildRequires: njs +BuildRequires: libnjs-devel >= 0.8.3 BuildRequires: systemd -Requires(post): 
systemd -Requires(preun): systemd -Requires(postun): systemd +%if %{with otel} +BuildRequires: cargo >= 1.73 +BuildRequires: rust >= 1.73 +%endif +%if %{with wasm} +BuildRequires: clang +BuildRequires: llvm +%endif +BuildRequires: systemd-rpm-macros + +%{?systemd_ordering} +%if %{with sysusers} +%{?sysusers_requires_compat} %else -Requires(post): chkconfig -Requires(preun): chkconfig -Requires(preun): initscripts -Requires(postun): initscripts +Requires(pre): /usr/sbin/useradd %endif Requires: logrotate Provides: nginx-unit = %{version}-%{release} +Provides: unit-r%{version} %description 
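Review bot: `Source6: %{project}-deps-%{version}.tgz` brings a locally generated crate registry into the build, but the preamble declares no `Provides: bundled(crate(...))` entries for it, so a vulnerable vendored crate cannot be located by querying the package metadata. Listing the vendored crates under `%if %{with otel}` as `Provides: bundled(crate(NAME)) = VERSION` would close that gap; the list can be generated from `mycargo/*/Cargo.toml`. Source6 also has no URL or recorded checksum, so a comment stating which makedeps.sh invocation (version and commit) produced it would help reviewers reproduce the tarball. The added comment `# TODO otel support (--otel, requires rust/cargo...)` is stale, since `%bcond_without otel` enables it by default a few lines below, and should be dropped or reworded.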
@@ -68,50 +93,96 @@ Library and include files required for NGINX Unit modules development. %prep +%if %{without otel} %setup -qn %{project}-%{gh_commit} -%patch0 -p1 -b .syspol - -cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config +%else +%setup -qn %{project}-%{gh_commit} -a6 + +: Create cargo configuration to use vendor directory +mkdir .cargo +cat << EOF | tee .cargo/config.toml +[build] +jobs = %(echo %{?_smp_mflags} | sed 's/\-j//') +rustc = "%{_bindir}/rustc" + +[env] +CFLAGS = "%{build_cflags}" +CXXFLAGS = "%{build_cxxflags}" +LDFLAGS = "%{build_ldflags}" + +[term] +verbose = true + +[source.crates-io] +replace-with = "vendored-sources" + +[source.vendored-sources] +directory = "$PWD/mycargo" +EOF + +: Bundled libraries Licenses +for i in $(cd mycargo; ls */LICEN*) +do + cp mycargo/$i $(dirname $i)-$(basename $i .md) +done + +: Required rust version +grep -h rust-version mycargo/*/Cargo.toml src/otel/Cargo.toml | sort -u | tail -n 8 +%endif %build +# see https://github.com/nginx/unit/issues/467 +%define _lto_cflags %{nil} + unitconf() { ./configure \ --libdir=%{_libdir} \ + --sbindir=%{_sbindir} \ --prefix=%{_prefix} \ - --state=%{_sharedstatedir}/unit \ -%if %{use_systemd} + --statedir=%{_sharedstatedir}/unit \ --control="unix:/run/unit/control.sock" \ --pid=/run/unit/unit.pid \ -%else - --control="unix:/var/run/unit/control.sock" \ - --pid=/var/run/unit/unit.pid \ -%endif + --runstatedir=/var/run \ --log=/var/log/unit/unit.log \ - --tmp=/var/tmp \ + --logdir=/var/log \ + --tmpdir=/var/tmp \ + --user=unit \ + --group=unit \ --openssl \ --cc-opt="%{optflags}" \ --tests \ + --njs \ +%if %{with otel} + --otel \ +%endif $* } unitconf \ - --modules=%{_libdir}/unit/debug-modules \ + --modulesdir=%{_libdir}/unit/debug-modules \ --debug -make %{?_smp_mflags} -make %{?_smp_mflags} build/libunit.a +make %{?_smp_mflags} E=0 V=1 +make %{?_smp_mflags} build/lib/libunit.a E=0 V=1 mv build build-debug +%if %{with wasm} +make %{?_smp_mflags} -C pkg/contrib 
.libunit-wasm E=0 V=1 +%endif + unitconf \ - --modules=%{_libdir}/unit/modules -make %{?_smp_mflags} + --modulesdir=%{_libdir}/unit/modules +make %{?_smp_mflags} E=0 V=1 %install -DESTDIR=%{buildroot} make unitd-install libunit-install +DESTDIR=%{buildroot} make unitd-install libunit-install manpage-install E=0 V=1 + +install -m755 -D tools/unitc %{buildroot}%{_bindir}/unitc +install -m755 -D tools/setup-unit %{buildroot}%{_bindir}/setup-unit -install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug -install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a +install -m755 build-debug/sbin/unitd %{buildroot}%{_sbindir}/unitd-debug +install -m644 build-debug/lib/libunit.a %{buildroot}%{_libdir}/libunit-debug.a mkdir -p %{buildroot}%{_sysconfdir}/%{name} mkdir -p %{buildroot}%{_libdir}/%{name}/modules 
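Review bot: `unitconf()` hands `--cc-opt="%{optflags}"` to `./configure` but passes nothing for the linker, while `%{build_ldflags}` is written only into `.cargo/config.toml` for the Rust build. Unless Unit's build picks up `LDFLAGS` from the environment, the distribution's link-time hardening flags would not reach `unitd` and its modules; adding `--ld-opt="%{build_ldflags}" \` next to the `--cc-opt` line makes this explicit. Separately, the licence loop in `%prep` parses `ls` output and expands `$i` unquoted in `cp mycargo/$i $(dirname $i)-$(basename $i .md)`; quoting the expansions would keep it safe for unusual file names in the vendored tree.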
@@ -123,55 +194,70 @@ mkdir -p %{buildroot}%{_localstatedir}/run/%{name} install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # init scripts -%if %{use_systemd} install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service +install -p -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}-debug.service mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d +# relocate when sbindir is /usr/bin +sed -e 's:/usr/sbin:%{_sbindir}:' -i %{buildroot}%{_unitdir}/*.service -%else -install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/unitd -install -p -D -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/%{name} +%if %{with wasm} +mkdir -p %{buildroot}%{_includedir}/unit/ +install -m 644 pkg/contrib/libunit-wasm/src/c/libunit-wasm.a %{buildroot}%{_libdir}/ +install -m 644 pkg/contrib/libunit-wasm/src/c/include/unit/unit-wasm.h %{buildroot}%{_includedir}/unit/ +%endif + +%if %{with sysusers} +install -p -D -m 0644 %{SOURCE7} %{buildroot}%{_sysusersdir}/unit.conf %endif %check -%if %{with_tests} -make tests %{?_smp_mflags} +%if %{with tests} +make tests %{?_smp_mflags} E=0 V=1 ./build/tests %endif -%post -%if %{use_systemd} -%systemd_post %{name}.service +%pre +%if %{with sysusers} +%sysusers_create_compat %{SOURCE7} %else -/sbin/chkconfig --add unit +getent group unit >/dev/null || groupadd -r unit +getent passwd unit >/dev/null || \ + useradd -r -g unit -s /sbin/nologin \ + -d /nonexistent -c "NGINX Unit user" unit %endif +%post +%systemd_post %{name}.service + %preun -%if %{use_systemd} %systemd_preun %{name}.service -%else -if [ $1 -eq 0 ]; then - /sbin/service unit stop >/dev/null 2>&1 - /sbin/chkconfig --del unit -fi -%endif %postun -%if %{use_systemd} %systemd_postun_with_restart %{name}.service -%else -if [ $1 -ge 1 ]; then - /sbin/service unit condrestart >/dev/null 2>&1 ||: -fi -%endif +%triggerpostun -- unit < 1.22.0 +cat <<BANNER +---------------------------------------------------------------------- + 
+WARNING: + +Since version 1.22.0, Unit's non-privileged processes run as unit:unit by +default. Review your system permissions and Unit configuration so apps and +routes that relied on these processes running as nobody:nogroup stay working. + +More info: https://unit.nginx.org/installation/#official-packages + +---------------------------------------------------------------------- +BANNER + %files -%{!?_licensedir:%global license %%doc} -%license LICENSE -%doc NOTICE README CHANGES -%doc example.config +%license *LICENSE* +%doc NOTICE CHANGES *.md +%attr(0755,root,root) %{_bindir}/unitc +%attr(0755,root,root) %{_bindir}/setup-unit %attr(0755,root,root) %{_sbindir}/unitd %attr(0755,root,root) %{_sbindir}/unitd-debug %dir %{_sysconfdir}/unit 
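Review bot: The two account-creation paths in `%pre` do not produce the same account: the `useradd` fallback uses `-d /nonexistent`, while the unit.sysusers file added at the end of this commit declares `/dev/null` as the home directory. The `unit` user will therefore differ between builds with and without the `sysusers` bcond. Picking one value for both, for example `-d /dev/null` in the fallback, keeps the service account identical across targets, and a short comment above the `%else` branch saying it must mirror unit.sysusers would help keep them in sync.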
@@ -180,26 +266,146 @@ fi %dir %{_sharedstatedir}/unit %dir %attr(0700,root,root) %{_localstatedir}/log/unit %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%{_mandir}/man8/unitd.8* -%if %{use_systemd} %dir %{_sysconfdir}/systemd/system/%{name}.service.d -%{_unitdir}/unit.service -%dir %attr(0755,root,root) %ghost /run/unit - -%else -%config(noreplace) %{_sysconfdir}/sysconfig/unitd -%dir %attr(0755,root,root) %{_localstatedir}/run/unit -%{_initrddir}/unit +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}-debug.service +%dir %attr(0755,root,root) %ghost /run/%{name} +%if %{with sysusers} +%{_sysusersdir}/%{name}.conf %endif + %files devel # API is not stable YET, so keep the static library for now (like upstream packages) %{_libdir}/libunit.a %{_libdir}/libunit-debug.a +%if %{with wasm} +%{_libdir}/libunit-wasm.a +%dir %{_includedir}/unit +%{_includedir}/unit/*.h +%endif %{_includedir}/nxt_*.h +%{_datadir}/pkgconfig/unit.pc %changelog +* Tue Mar 4 2025 Remi Collet <remi@remirepo.net> - 1.34.2-1 +- update to 1.34.2 + +* Sat Feb 15 2025 Remi Collet <remi@remirepo.net> - 1.34.1-3 +- add a sysusers.d file (Fedora and EL >= 9) + +* Fri Feb 14 2025 Remi Collet <remi@remirepo.net> - 1.34.1-2 +- F42: workaround /usr/sbin merged in /usr/bin +- add unit-debug service + +* Mon Jan 13 2025 Remi Collet <remi@remirepo.net> - 1.34.1-1 +- update to 1.34.1 + +* Thu Dec 19 2024 Remi Collet <remi@remirepo.net> - 1.34.0-2 +- re-license spec file to CECILL-2.1 +- enable otel support +- fix build of tests with otel using patch from + https://github.com/nginx/unit/pull/1521 + +* Thu Dec 19 2024 Remi Collet <remi@remirepo.net> - 1.34.0-1 +- update to 1.34.0 + +* Wed Sep 18 2024 Remi Collet <remi@remirepo.net> - 1.33.0-1 +- update to 1.33.0 using njs 0.8.5 + +* Tue Mar 26 2024 Remi Collet <remi@remirepo.net> - 1.32.1-1 +- update to 1.32.1 + +* Tue Feb 27 2024 Remi Collet <remi@remirepo.net> - 1.32.0-1 +- update to 1.32.0 using njs 0.8.2 + +* Wed Dec 20 2023 Remi Collet 
<remi@remirepo.net> - 1.31.1-3 +- enable NGINX JavaScript (njs) configuration extension + +* Mon Nov 6 2023 Remi Collet <remi@remirepo.net> - 1.31.1-2 +- weak dependencies on systemd + +* Thu Oct 19 2023 Remi Collet <remi@remirepo.net> - 1.31.1-1 +- update to 1.31.1 + +* Thu Aug 31 2023 Remi Collet <remi@remirepo.net> - 1.31.0-1 +- update to 1.31.0 + +* Thu May 11 2023 Remi Collet <remi@remirepo.net> - 1.30.0-1 +- update to 1.30.0 +- add unitc and setup-unit commands + +* Wed Mar 1 2023 Remi Collet <remi@remirepo.net> - 1.29.1-1 +- update to 1.29.1 + +* Thu Dec 15 2022 Remi Collet <remi@remirepo.net> - 1.29.0-1 +- update to 1.29.0 +- drop patches merged upstream + +* Tue Sep 13 2022 Remi Collet <remi@remirepo.net> - 1.28.0-1 +- update to 1.28.0 + +* Thu Jun 2 2022 Remi Collet <remi@remirepo.net> - 1.27.0-1 +- update to 1.27.0 + +* Mon Feb 21 2022 Remi Collet <remi@remirepo.net> - 1.26.1-3 +- test build for upstream patch + +* Fri Feb 11 2022 Remi Collet <remi@remirepo.net> - 1.26.1-2 +- fix build error with GCC 12 using workaround to + https://github.com/nginx/unit/issues/639 + +* Thu Dec 2 2021 Remi Collet <remi@remirepo.net> - 1.26.1-1 +- update to 1.26.1 + +* Mon Nov 22 2021 Remi Collet <remi@remirepo.net> - 1.26.0-3 +- add patch proposal for https://github.com/nginx/unit/issues/600 + +* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-2 +- add better workaround for OpenSSL 3.0 from + https://github.com/nginx/unit/pull/598 + +* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-1 +- update to 1.26.0 + +* Sat Nov 6 2021 Remi Collet <remi@remirepo.net> - 1.25.0-3 +- EL-9 build + +* Fri Sep 3 2021 Remi Collet <remi@remirepo.net> - 1.25.0-2 +- fix build with recent glibc using patch from + https://github.com/nginx/unit/pull/576 + +* Tue Aug 24 2021 Remi Collet <remi@remirepo.net> - 1.25.0-1 +- update to 1.25.0 + +* Fri May 28 2021 Remi Collet <remi@remirepo.net> - 1.24.0-1 +- update to 1.24.0 + +* Fri Mar 26 2021 Remi Collet <remi@remirepo.net> - 
1.23.0-1 +- update to 1.23.0 + +* Fri Feb 5 2021 Remi Collet <remi@remirepo.net> - 1.22.0-1 +- update to 1.22.0 + +* Fri Nov 20 2020 Remi Collet <remi@remirepo.net> - 1.21.0-1 +- update to 1.21.0 + +* Fri Oct 9 2020 Remi Collet <remi@remirepo.net> - 1.20.0-1 +- update to 1.20.0 + +* Tue Aug 18 2020 Remi Collet <remi@remirepo.net> - 1.19.0-2 +- F33 build without LTO + reported as https://github.com/nginx/unit/issues/467 + +* Fri Aug 14 2020 Remi Collet <remi@remirepo.net> - 1.19.0-1 +- update to 1.19.0 + +* Sun May 31 2020 Remi Collet <remi@remirepo.net> - 1.18.0-1 +- update to 1.18.0 + * Fri Apr 17 2020 Remi Collet <remi@remirepo.net> - 1.17.0-1 - update to 1.17.0 diff --git a/unit.sysusers b/unit.sysusers new file mode 100644 index 0000000..66c23d1 --- /dev/null +++ b/unit.sysusers @@ -0,0 +1 @@ +u unit - "NGINX Unit user" /dev/null /sbin/nologin |