diff options
| -rw-r--r-- | 215.patch | 42 | ||||
| -rw-r--r-- | unit.spec | 236 |
2 files changed, 170 insertions, 108 deletions
diff --git a/215.patch b/215.patch deleted file mode 100644 index d98ecb3..0000000 --- a/215.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001 -From: Remi Collet <remi@remirepo.net> -Date: Wed, 16 Jan 2019 08:38:53 +0100 -Subject: [PATCH] prefer system crypto policy - ---- - src/nxt_openssl.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c -index 99dd207..6d9df48 100644 ---- a/src/nxt_openssl.c -+++ b/src/nxt_openssl.c -@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) - { - SSL_CTX *ctx; - nxt_fd_t fd; -- const char *ciphers, *ca_certificate; -+ const char *ca_certificate; - STACK_OF(X509_NAME) *list; - - ctx = SSL_CTX_new(SSLv23_server_method()); -@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf) - goto fail; - } - */ -- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5"; -- -- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) { -- nxt_openssl_log_error(task, NXT_LOG_ALERT, -+ if (conf->ciphers) { /* else use system crypto policy */ -+ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) { -+ nxt_openssl_log_error(task, NXT_LOG_ALERT, - "SSL_CTX_set_cipher_list(\"%s\") failed", -- ciphers); -- goto fail; -+ conf->ciphers); -+ goto fail; -+ } - } - - SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); @@ -1,26 +1,26 @@ # remirepo/fedora spec file for unit-php # -# Copyright (c) 2019-2020 Remi Collet -# License: CC-BY-SA +# Copyright (c) 2019-2024 Remi Collet +# License: CC-BY-SA-4.0 # http://creativecommons.org/licenses/by-sa/4.0/ # # Please, preserve the changelog entries # +%bcond_without tests +# require ONLINE build for sources download +%bcond_with wasm + %global gh_owner nginx %global project unit -%global gh_commit d3ca5fb47a52322b48737d21d55bf1d6d0aa446a +%global gh_commit 48d79170596d9923f2612d25e5a62ca0999b4313 %global gh_short %(c=%{gh_commit}; echo ${c:0:7}) -# distribution specific definitions -%global use_systemd (0%{?rhel} >= 7 || 0%{?fedora} >= 19) -%global with_tests 0%{!?_without_tests:1} - Name: unit Summary: NGINX Unit application server -Version: 1.18.0 +Version: 1.32.1 Release: 1%{?dist} -License: ASL 2.0 +License: Apache-2.0 URL: https://unit.nginx.org/ Source0: https://github.com/%{gh_owner}/%{project}/archive/%{gh_commit}/%{project}-%{version}-%{gh_short}.tar.gz @@ -29,25 +29,29 @@ Source2: unit.init Source3: unit.sysconf Source4: unit.logrotate -# Use system crypto policy -Patch0: https://github.com/nginx/unit/pull/215.patch - +BuildRequires: make BuildRequires: gcc BuildRequires: openssl-devel -%if %{use_systemd} +BuildRequires: pcre2-devel +# command tool only to pull library dependencies +BuildRequires: njs +BuildRequires: libnjs-devel = 0.8.2 BuildRequires: systemd -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd +%if %{with wasm} +BuildRequires: clang +BuildRequires: llvm +%endif + +%if 0%{?rhel} == 7 +%{?systemd_requires} %else -Requires(post): chkconfig -Requires(preun): chkconfig -Requires(preun): initscripts -Requires(postun): initscripts +%{?systemd_ordering} %endif +Requires(pre): /usr/sbin/useradd Requires: logrotate Provides: nginx-unit = %{version}-%{release} +Provides: unit-r%{version} %description @@ -69,49 +73,56 @@ Library and include files required for NGINX Unit modules development. %prep %setup -qn %{project}-%{gh_commit} -%patch0 -p1 -b .syspol - -cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config %build +# see https://github.com/nginx/unit/issues/467 +%define _lto_cflags %{nil} + unitconf() { ./configure \ --libdir=%{_libdir} \ --prefix=%{_prefix} \ - --state=%{_sharedstatedir}/unit \ -%if %{use_systemd} + --statedir=%{_sharedstatedir}/unit \ --control="unix:/run/unit/control.sock" \ --pid=/run/unit/unit.pid \ -%else - --control="unix:/var/run/unit/control.sock" \ - --pid=/var/run/unit/unit.pid \ -%endif + --runstatedir=/var/run \ --log=/var/log/unit/unit.log \ - --tmp=/var/tmp \ + --logdir=/var/log \ + --tmpdir=/var/tmp \ + --user=unit \ + --group=unit \ --openssl \ --cc-opt="%{optflags}" \ --tests \ + --njs \ $* } unitconf \ - --modules=%{_libdir}/unit/debug-modules \ + --modulesdir=%{_libdir}/unit/debug-modules \ --debug make %{?_smp_mflags} -make %{?_smp_mflags} build/libunit.a +make %{?_smp_mflags} build/lib/libunit.a mv build build-debug +%if %{with wasm} +make %{?_smp_mflags} -C pkg/contrib .libunit-wasm +%endif + unitconf \ - --modules=%{_libdir}/unit/modules + --modulesdir=%{_libdir}/unit/modules make %{?_smp_mflags} %install -DESTDIR=%{buildroot} make unitd-install libunit-install +DESTDIR=%{buildroot} make unitd-install libunit-install manpage-install -install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug -install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a +install -m755 -D tools/unitc %{buildroot}%{_bindir}/unitc +install -m755 -D tools/setup-unit %{buildroot}%{_bindir}/setup-unit + +install -m755 build-debug/sbin/unitd %{buildroot}%{_sbindir}/unitd-debug +install -m644 build-debug/lib/libunit.a %{buildroot}%{_libdir}/libunit-debug.a mkdir -p %{buildroot}%{_sysconfdir}/%{name} mkdir -p %{buildroot}%{_libdir}/%{name}/modules @@ -123,55 +134,60 @@ mkdir -p %{buildroot}%{_localstatedir}/run/%{name} install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # init scripts -%if %{use_systemd} install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d -%else -install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/unitd -install -p -D -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/%{name} +%if %{with wasm} +mkdir -p %{buildroot}%{_includedir}/unit/ +install -m 644 pkg/contrib/libunit-wasm/src/c/libunit-wasm.a %{buildroot}%{_libdir}/ +install -m 644 pkg/contrib/libunit-wasm/src/c/include/unit/unit-wasm.h %{buildroot}%{_includedir}/unit/ %endif %check -%if %{with_tests} +%if %{with tests} make tests %{?_smp_mflags} ./build/tests %endif +%pre +getent group unit >/dev/null || groupadd -r unit +getent passwd unit >/dev/null || \ + useradd -r -g unit -s /sbin/nologin \ + -d /nonexistent -c "unit user" unit + %post -%if %{use_systemd} %systemd_post %{name}.service -%else -/sbin/chkconfig --add unit -%endif %preun -%if %{use_systemd} %systemd_preun %{name}.service -%else -if [ $1 -eq 0 ]; then - /sbin/service unit stop >/dev/null 2>&1 - /sbin/chkconfig --del unit -fi -%endif %postun -%if %{use_systemd} %systemd_postun_with_restart %{name}.service -%else -if [ $1 -ge 1 ]; then - /sbin/service unit condrestart >/dev/null 2>&1 ||: -fi -%endif +%triggerpostun -- unit < 1.22.0 +cat <<BANNER +---------------------------------------------------------------------- + +WARNING: + +Since version 1.22.0, Unit's non-privileged processes run as unit:unit by +default. Review your system permissions and Unit configuration so apps and +routes that relied on these processes running as nobody:nogroup stay working. + +More info: https://unit.nginx.org/installation/#official-packages + +---------------------------------------------------------------------- +BANNER + %files %{!?_licensedir:%global license %%doc} %license LICENSE -%doc NOTICE README CHANGES -%doc example.config +%doc NOTICE CHANGES *.md +%attr(0755,root,root) %{_bindir}/unitc +%attr(0755,root,root) %{_bindir}/setup-unit %attr(0755,root,root) %{_sbindir}/unitd %attr(0755,root,root) %{_sbindir}/unitd-debug %dir %{_sysconfdir}/unit @@ -180,26 +196,114 @@ fi %dir %{_sharedstatedir}/unit %dir %attr(0700,root,root) %{_localstatedir}/log/unit %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%{_mandir}/man8/unitd.8* -%if %{use_systemd} %dir %{_sysconfdir}/systemd/system/%{name}.service.d %{_unitdir}/unit.service %dir %attr(0755,root,root) %ghost /run/unit -%else -%config(noreplace) %{_sysconfdir}/sysconfig/unitd -%dir %attr(0755,root,root) %{_localstatedir}/run/unit -%{_initrddir}/unit -%endif %files devel # API is not stable YET, so keep the static library for now (like upstream packages) %{_libdir}/libunit.a %{_libdir}/libunit-debug.a +%if %{with wasm} +%{_libdir}/libunit-wasm.a +%dir %{_includedir}/unit +%{_includedir}/unit/*.h +%endif %{_includedir}/nxt_*.h +%{_datadir}/pkgconfig/unit.pc %changelog +* Tue Mar 26 2024 Remi Collet <remi@remirepo.net> - 1.32.1-1 +- update to 1.32.1 + +* Tue Feb 27 2024 Remi Collet <remi@remirepo.net> - 1.32.0-1 +- update to 1.32.0 using njs 0.8.2 + +* Wed Dec 20 2023 Remi Collet <remi@remirepo.net> - 1.31.1-3 +- enable NGINX JavaScript (njs) configuration extension + +* Mon Nov 6 2023 Remi Collet <remi@remirepo.net> - 1.31.1-2 +- weak dependencies on systemd + +* Thu Oct 19 2023 Remi Collet <remi@remirepo.net> - 1.31.1-1 +- update to 1.31.1 + +* Thu Aug 31 2023 Remi Collet <remi@remirepo.net> - 1.31.0-1 +- update to 1.31.0 + +* Thu May 11 2023 Remi Collet <remi@remirepo.net> - 1.30.0-1 +- update to 1.30.0 +- add unitc and setup-unit commands + +* Wed Mar 1 2023 Remi Collet <remi@remirepo.net> - 1.29.1-1 +- update to 1.29.1 + +* Thu Dec 15 2022 Remi Collet <remi@remirepo.net> - 1.29.0-1 +- update to 1.29.0 +- drop patches merged upstream + +* Tue Sep 13 2022 Remi Collet <remi@remirepo.net> - 1.28.0-1 +- update to 1.28.0 + +* Thu Jun 2 2022 Remi Collet <remi@remirepo.net> - 1.27.0-1 +- update to 1.27.0 + +* Mon Feb 21 2022 Remi Collet <remi@remirepo.net> - 1.26.1-3 +- test build for upstream patch + +* Fri Feb 11 2022 Remi Collet <remi@remirepo.net> - 1.26.1-2 +- fix build error with GCC 12 using workaround to + https://github.com/nginx/unit/issues/639 + +* Thu Dec 2 2021 Remi Collet <remi@remirepo.net> - 1.26.1-1 +- update to 1.26.1 + +* Mon Nov 22 2021 Remi Collet <remi@remirepo.net> - 1.26.0-3 +- add patch proposal for https://github.com/nginx/unit/issues/600 + +* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-2 +- add better workaround for OpenSSL 3.0 from + https://github.com/nginx/unit/pull/598 + +* Thu Nov 18 2021 Remi Collet <remi@remirepo.net> - 1.26.0-1 +- update to 1.26.0 + +* Sat Nov 6 2021 Remi Collet <remi@remirepo.net> - 1.25.0-3 +- EL-9 build + +* Fri Sep 3 2021 Remi Collet <remi@remirepo.net> - 1.25.0-2 +- fix build with recent glibc using patch from + https://github.com/nginx/unit/pull/576 + +* Tue Aug 24 2021 Remi Collet <remi@remirepo.net> - 1.25.0-1 +- update to 1.25.0 + +* Fri May 28 2021 Remi Collet <remi@remirepo.net> - 1.24.0-1 +- update to 1.24.0 + +* Fri Mar 26 2021 Remi Collet <remi@remirepo.net> - 1.23.0-1 +- update to 1.23.0 + +* Fri Feb 5 2021 Remi Collet <remi@remirepo.net> - 1.22.0-1 +- update to 1.22.0 + +* Fri Nov 20 2020 Remi Collet <remi@remirepo.net> - 1.21.0-1 +- update to 1.21.0 + +* Fri Oct 9 2020 Remi Collet <remi@remirepo.net> - 1.20.0-1 +- update to 1.20.0 + +* Tue Aug 18 2020 Remi Collet <remi@remirepo.net> - 1.19.0-2 +- F33 build without LTO + reported as https://github.com/nginx/unit/issues/467 + +* Fri Aug 14 2020 Remi Collet <remi@remirepo.net> - 1.19.0-1 +- update to 1.19.0 + * Sun May 31 2020 Remi Collet <remi@remirepo.net> - 1.18.0-1 - update to 1.18.0 |