From acf99b02610aadddd42dc434c36ed3fe0b9eb5af Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Wed, 16 Jan 2019 08:59:51 +0100
Subject: initial package
open https://github.com/nginx/unit/pull/215 system crypto policy
open https://github.com/nginx/unit/pull/212 systemd improvments
---
 .gitignore | 8 +++
 215.patch | 42 +++++++++++++
 Makefile | 4 ++
 unit.init | 88 +++++++++++++++++++++++++++
 unit.service | 26 ++++++++
 unit.spec | 196 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 unit.sysconf | 1 +
 7 files changed, 365 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 215.patch
 create mode 100644 Makefile
 create mode 100644 unit.init
 create mode 100644 unit.service
 create mode 100644 unit.spec
 create mode 100644 unit.sysconf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fc9aa8c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+clog
+package-*.xml
+*.tgz
+*.tar.gz
+*.tar.xz
+*.tar.xz.asc
+*.src.rpm
+*/*rpm
diff --git a/215.patch b/215.patch
new file mode 100644
index 0000000..d98ecb3
--- /dev/null
+++ b/215.patch
@@ -0,0 +1,42 @@
+From 41243ec789c0c9d5b625c76abbc401333d876ee5 Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Wed, 16 Jan 2019 08:38:53 +0100
+Subject: [PATCH] prefer system crypto policy
+
+---
+ src/nxt_openssl.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
+index 99dd207..6d9df48 100644
+--- a/src/nxt_openssl.c
++++ b/src/nxt_openssl.c
+@@ -248,7 +248,7 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
+ {
+ SSL_CTX *ctx;
+ nxt_fd_t fd;
+- const char *ciphers, *ca_certificate;
++ const char *ca_certificate;
+ STACK_OF(X509_NAME) *list;
+
+ ctx = SSL_CTX_new(SSLv23_server_method());
+@@ -303,13 +303,13 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
+ goto fail;
+ }
+ */
+- ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
+-
+- if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
+- nxt_openssl_log_error(task, NXT_LOG_ALERT,
++ if (conf->ciphers) { /* else use system crypto policy */
++ if (SSL_CTX_set_cipher_list(ctx, conf->ciphers) == 0) {
++ nxt_openssl_log_error(task, NXT_LOG_ALERT,
+ "SSL_CTX_set_cipher_list(\"%s\") failed",
+- ciphers);
+- goto fail;
++ conf->ciphers);
++ goto fail;
++ }
+ }
+
+ SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1e65467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SRCDIR := $(shell pwd)
+NAME := $(shell basename $(SRCDIR))
+include ../common/Makefile
+
diff --git a/unit.init b/unit.init
new file mode 100644
index 0000000..e1aacd8
--- /dev/null
+++ b/unit.init
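Review bot: With `conf->ciphers` NULL nothing now constrains the cipher list in nxt_openssl_server_init, so the effective set is whatever the linked OpenSSL defaults to, which is the system crypto policy only where the distribution's OpenSSL is built to load one. unit.spec in this commit also builds a non-systemd variant (its `%else` branches), which suggests targets whose OpenSSL may have no such policy, and there the previous `"HIGH:!aNULL:!MD5"` floor is dropped without a replacement. Consider applying the patch conditionally in the spec, or keeping the old string as the fallback under a build-time macro, and widen the comment to say what actually happens: `/* no list set: OpenSSL default applies (system crypto policy where the distro provides one) */`. The function body starts and continues outside the patched lines, so the protocol-version options are not visible here.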
@@ -0,0 +1,88 @@
+#!/bin/sh
+#
+# unitd NGINX Unit
+#
+# chkconfig: - 86 14
+# description: NGINX Unit
+
+### BEGIN INIT INFO
+# Provides: unitd
+# Required-Start: $local_fs $network $named $syslog
+# Required-Stop: $local_fs $network $named $syslog
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: NGINX Unit
+# Description: NGINX Unit
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec="/usr/sbin/unitd"
+prog="unitd"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ echo -n $"Starting $prog: "
+ daemon $exec $UNITD_OPTIONS
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+rh_status() {
+ status $prog
+}
+
+rh_status_q() {
+ rh_status &>/dev/null
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload|force-reload)
+ echo "Not implemented." >&2
+ exit 1
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
+ exit 2
+esac
+exit $?
diff --git a/unit.service b/unit.service
new file mode 100644
index 0000000..f888685
--- /dev/null
+++ b/unit.service
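Review bot: The script sources `/etc/sysconfig/$prog` with `prog="unitd"`, but unit.spec in this commit installs the options file as `%{_sysconfdir}/sysconfig/%{name}`, i.e. /etc/sysconfig/unit, so `UNITD_OPTIONS` is never loaded and the daemon falls back to its compiled-in log and pid paths instead of the 0700 /var/log/unit directory. The lock file has the same mismatch: it is `/var/lock/subsys/unitd` while the script is installed as `%{_initrddir}/unit`, and SysV rc handling on Red Hat systems generally looks for a subsys lock named after the init script before running its stop action at shutdown. Use the installed name for both, `[ -e /etc/sysconfig/unit ] && . /etc/sysconfig/unit` and `lockfile=/var/lock/subsys/unit`, and keep `prog="unitd"` only for `killproc` and `status`.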
@@ -0,0 +1,26 @@
+# Modifying this file in-place is not recommended, because changes
+# will be overwritten during package upgrades. To customize the
+# behaviour, run "systemctl edit unit" to create an override unit.
+
+# For example, to change options given to the unitd binary at startup,
+# create an override unit (as is done by systemctl edit) and enter
+# the following:
+
+# [Service]
+# Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid"
+
+[Unit]
+Description=NGINX Unit
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+Environment="UNITD_OPTIONS=--log /var/log/unit/unit.log --pid /run/unit/unit.pid"
+ExecStart=/usr/sbin/unitd $UNITD_OPTIONS --no-daemon
+ExecReload=
+RuntimeDirectory=unit
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
diff --git a/unit.spec b/unit.spec
new file mode 100644
index 0000000..908d126
--- /dev/null
+++ b/unit.spec
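Review bot: `RuntimeDirectoryMode=0755` leaves /run/unit traversable by every local user, and unit.spec in this commit places the control socket there (`--control="unix:/run/unit/control.sock"`), so access to the control API rests only on the mode of the socket itself, which is not visible on this page. The service has no `User=`, so the daemon starts as root and that API reconfigures the applications it launches; a tighter directory is a cheap second barrier, `RuntimeDirectoryMode=0750`, provided nothing unprivileged needs the pid file kept there. A one-line comment above `ExecReload=` stating that the empty value is intentional would also help the next maintainer.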
@@ -0,0 +1,196 @@
+# remirepo/fedora spec file for unit-php
+#
+# Copyright (c) 2019 Remi Collet
+# License: CC-BY-SA
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+
+%global gh_owner nginx
+%global project unit
+%global gh_commit c51e1aa47dcb13b7118e0be00619736ccca839df
+%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
+
+# distribution specific definitions
+%global use_systemd (0%{?rhel} >= 7 || 0%{?fedora} >= 19)
+%global with_tests 0%{!?_without_tests:1}
+
+Name: unit
+Summary: NGINX Unit application server
+Version: 1.7
+Release: 1%{?dist}
+License: ASL 2.0
+URL: https://unit.nginx.org/
+
+Source0: https://github.com/%{gh_owner}/%{project}/archive/%{gh_commit}/%{project}-%{version}-%{gh_short}.tar.gz
+Source1: unit.service
+Source2: unit.init
+Source3: unit.sysconf
+
+
+# Use system crypto policy
+Patch0: https://github.com/nginx/unit/pull/215.patch
+
+BuildRequires: openssl-devel
+%if %{use_systemd}
+BuildRequires: systemd
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+%else
+Requires: initscripts >= 8.36
+%endif
+Provides: nginx-unit = %{version}-%{release}
+
+
+%description
+NGINX Unit is a runtime and delivery environment for modern distributed
+applications. It runs the application code in multiple languages
+(PHP, Python, Go, etc.), and tightly couples it with traffic delivery
+in and out of the application. Take this application server and proxy
+directly in the cloud / container environments and fully control your app
+dynamically via an API.
+
+
+%package devel
+Summary: NGINX Unit (development files)
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+Library and include files required for NGINX Unit modules development.
+
+
+%prep
+%setup -qn %{project}-%{gh_commit}
+%patch0 -p1 -b .syspol
+
+cp pkg/rpm/rpmbuild/SOURCES/unit.example.config example.config
+
+
+%build
+unitconf() {
+./configure \
+ --libdir=%{_libdir} \
+ --prefix=%{_prefix} \
+ --state=%{_sharedstatedir}/unit \
+%if %{use_systemd}
+ --control="unix:/run/unit/control.sock" \
+ --pid=/run/unit.pid \
+%else
+ --control="unix:/var/run/unit/control.sock" \
+ --pid=/var/run/unit.pid \
+%endif
+ --log=/var/log/unit.log \
+ --openssl \
+ --cc-opt="%{optflags}" \
+ --tests \
+ $*
+}
+
+unitconf \
+ --modules=%{_libdir}/unit/debug-modules \
+ --debug
+make %{?_smp_mflags}
+make %{?_smp_mflags} build/libunit.a
+mv build build-debug
+
+unitconf \
+ --modules=%{_libdir}/unit/modules
+make %{?_smp_mflags}
+
+
+%install
+DESTDIR=%{buildroot} make unitd-install libunit-install
+
+install -m755 build-debug/unitd %{buildroot}%{_sbindir}/unitd-debug
+install -m644 build-debug/libunit.a %{buildroot}%{_libdir}/libunit-debug.a
+
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
+mkdir -p %{buildroot}%{_libdir}/%{name}/modules
+mkdir -p %{buildroot}%{_libdir}/%{name}/debug-modules
+mkdir -p %{buildroot}%{_sharedstatedir}/%{name}
+mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
+mkdir -p %{buildroot}%{_localstatedir}/run/%{name}
+
+# init scripts
+%if %{use_systemd}
+install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+mkdir -p %{buildroot}%{_sysconfdir}/systemd/system/%{name}.service.d
+
+%else
+install -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+install -p -D -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/%{name}
+%endif
+
+
+%check
+%if %{with_tests}
+make tests %{?_smp_mflags}
+./build/tests
+%endif
+
+
+%post
+%if %{use_systemd}
+%systemd_post %{name}.service
+%else
+/sbin/chkconfig --add unit
+%endif
+
+%preun
+%if %{use_systemd}
+%systemd_preun %{name}.service
+%else
+if [ $1 -eq 0 ]; then
+ /sbin/service unit stop >/dev/null 2>&1
+ /sbin/chkconfig --del unit
+fi
+%endif
+
+%postun
+%if %{use_systemd}
+%systemd_postun_with_restart %{name}.service
+%else
+if [ $1 -ge 1 ]; then
+ /sbin/service unit condrestart >/dev/null 2>&1 ||:
+fi
+%endif
+
+
+%files
+%{!?_licensedir:%global license %%doc}
+%license LICENSE
+%doc NOTICE README CHANGES
+%doc example.config
+%attr(0755,root,root) %{_sbindir}/unitd
+%attr(0755,root,root) %{_sbindir}/unitd-debug
+%dir %{_sysconfdir}/unit
+%dir %{_libdir}/unit/modules
+%dir %{_libdir}/unit/debug-modules
+%dir %{_sharedstatedir}/unit
+%dir %attr(0700,root,root) %{_localstatedir}/log/unit
+
+%if %{use_systemd}
+%dir %{_sysconfdir}/systemd/system/%{name}.service.d
+%{_unitdir}/unit.service
+%dir %attr(0755,root,root) %ghost /run/unit
+
+%else
+%config(noreplace) %{_sysconfdir}/sysconfig/unit
+%dir %attr(0755,root,root) %{_localstatedir}/run/unit
+%{_initrddir}/unit
+%endif
+
+%files devel
+# API is not stable YET, so keep the static library for now (like upstream packages)
+%{_libdir}/libunit.a
+%{_libdir}/libunit-debug.a
+%{_includedir}/nxt_*.h
+
+
+%changelog
+* Tue Jan 15 2019 Remi Collet - 1.7-1
+- initial package
+- open https://github.com/nginx/unit/pull/215 system crypto policy
+- open https://github.com/nginx/unit/pull/212 systemd improvments
diff --git a/unit.sysconf b/unit.sysconf
new file mode 100644
index 0000000..9146bda
--- /dev/null
+++ b/unit.sysconf
@@ -0,0 +1 @@
+UNITD_OPTIONS="--log /var/log/unit/unit.log --pid /var/run/unit/unit.pid"
-- cgit
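Review bot: `Patch0` is given as the URL of an open pull request, which is not a stable artifact: what that URL serves changes whenever the PR branch is updated, whereas `Source0` is pinned to `gh_commit`. The copy committed here as 215.patch is the one that was reviewed, so any tooling that re-fetches sources from the spec could silently replace it with different code in the TLS setup path. Reference the local file and keep the origin as a comment, `# https://github.com/nginx/unit/pull/215` above `Patch0: 215.patch`.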