diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..667c131 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/nginx-1.6.1.tar.gz +SOURCES/poweredby.png diff --git a/.nginx16-nginx.metadata b/.nginx16-nginx.metadata new file mode 100644 index 0000000..0b67669 --- /dev/null +++ b/.nginx16-nginx.metadata @@ -0,0 +1,2 @@ +e58c865f67b580541ed4eadf69d1676762bf50ab SOURCES/nginx-1.6.1.tar.gz +2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/404.html b/SOURCES/404.html new file mode 100644 index 0000000..1bbb026 --- /dev/null +++ b/SOURCES/404.html @@ -0,0 +1,120 @@ + + + + + The page is not found + + + + + +

nginx error!

+ +
+ +

The page you are looking for is not found.

+ +
+

Website Administrator

+
+

Something has triggered missing webpage on your + website. This is the default 404 error page for + nginx that is distributed with + Red Hat Enterprise Linux. It is located + /opt/rh/nginx14/root/usr/share/nginx/html/404.html

+ +

You should customize this error page for your own + site or edit the error_page directive in + the nginx configuration file + /opt/rh/nginx14/root/etc/nginx/nginx.conf.

+ +

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

+ +
+
+ +
+ [ Powered by nginx ] + [ Powered by Red Hat Enterprise Linux ] +
+
+ + diff --git a/SOURCES/50x.html b/SOURCES/50x.html new file mode 100644 index 0000000..2f816d9 --- /dev/null +++ b/SOURCES/50x.html @@ -0,0 +1,120 @@ + + + + + The page is temporarily unavailable + + + + + +

nginx error!

+ +
+ +

The page you are looking for is temporarily unavailable. Please try again later.

+ +
+

Website Administrator

+
+

Something has triggered missing webpage on your + website. This is the default error page for + nginx that is distributed with + Red Hat Enterprise Linux. It is located + /opt/rh/nginx14/root/usr/share/nginx/html/50x.html

+ +

You should customize this error page for your own + site or edit the error_page directive in + the nginx configuration file + /opt/rh/nginx14/root/etc/nginx/nginx.conf.

+ +

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

+ +
+
+ +
+ [ Powered by nginx ] + [ Powered by Red Hat Enterprise Linux ] +
+
+ + diff --git a/SOURCES/action-upgrade.sh b/SOURCES/action-upgrade.sh new file mode 100644 index 0000000..8c5bf3b --- /dev/null +++ b/SOURCES/action-upgrade.sh @@ -0,0 +1,13 @@ +#!/bin/sh +[ ! -f $localstatedir/run/nginx/nginx.pid ] && exit 1 +echo "Start new nginx master..." +/bin/systemctl kill --signal=SIGUSR2 $nginxservice +sleep 5 +[ ! -f $localstatedir/run/nginx/nginx.pid.oldbin ] && sleep 5 +if [ ! -f $localstatedir/run/nginx/nginx.pid.oldbin ]; then + echo "Failed to start new nginx master." + exit 1 +fi +echo "Stop old nginx master gracefully..." +oldpid=`cat $localstatedir/run/nginx/nginx.pid.oldbin 2>/dev/null` +/bin/kill -s QUIT $oldpid 2>/dev/null diff --git a/SOURCES/index.html b/SOURCES/index.html new file mode 100644 index 0000000..f171066 --- /dev/null +++ b/SOURCES/index.html @@ -0,0 +1,117 @@ + + + + + Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux + + + + + +

Welcome to nginx on Red Hat Enterprise Linux!

+ +
+

This page is used to test the proper operation of the + nginx HTTP server after it has been + installed. If you can read this page, it means that the + web server installed at this site is working + properly.

+ +
+

Website Administrator

+
+

This is the default index.html page that + is distributed with nginx on + Red Hat Enterprise Linux. It is located in + /opt/rh/nginx14/root/usr/share/nginx/html.

+ +

You should now put your content in a location of + your choice and edit the root configuration + directive in the nginx + configuration file + /opt/rh/nginx14/root/etc/nginx/nginx.conf.

+ +

For information on Red Hat Enterprise Linux, please visit the Red Hat, Inc. website. The documentation for Red Hat Enterprise Linux is available on the Red Hat, Inc. website.

+ +
+
+ +
+ [ Powered by nginx ] + [ Powered by Red Hat Enterprise Linux ] +
+
+ + diff --git a/SOURCES/nginx-1.6.1-CVE-2014-3616.patch b/SOURCES/nginx-1.6.1-CVE-2014-3616.patch new file mode 100644 index 0000000..fb45514 --- /dev/null +++ b/SOURCES/nginx-1.6.1-CVE-2014-3616.patch @@ -0,0 +1,121 @@ +Index: src/event/ngx_event_openssl.c +=================================================================== +--- a/src/event/ngx_event_openssl.c (revision 5640) ++++ b/src/event/ngx_event_openssl.c (revision 5841) +@@ -28,4 +28,6 @@ + static void ngx_ssl_clear_error(ngx_log_t *log); + ++static ngx_int_t ngx_ssl_session_id_context(ngx_ssl_t *ssl, ++ ngx_str_t *sess_ctx); + ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data); + static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, +@@ -1730,10 +1732,12 @@ + SSL_CTX_set_timeout(ssl->ctx, (long) timeout); + ++ if (ngx_ssl_session_id_context(ssl, sess_ctx) != NGX_OK) { ++ return NGX_ERROR; ++ } ++ + if (builtin_session_cache == NGX_SSL_NO_SCACHE) { + SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF); + return NGX_OK; + } +- +- SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len); + + if (builtin_session_cache == NGX_SSL_NONE_SCACHE) { +@@ -1790,4 +1794,94 @@ + + return NGX_OK; ++} ++ ++ ++static ngx_int_t ++ngx_ssl_session_id_context(ngx_ssl_t *ssl, ngx_str_t *sess_ctx) ++{ ++ int n, i; ++ X509 *cert; ++ X509_NAME *name; ++ EVP_MD_CTX md; ++ unsigned int len; ++ STACK_OF(X509_NAME) *list; ++ u_char buf[EVP_MAX_MD_SIZE]; ++ ++ /* ++ * Session ID context is set based on the string provided, ++ * the server certificate, and the client CA list. ++ */ ++ ++ EVP_MD_CTX_init(&md); ++ ++ if (EVP_DigestInit_ex(&md, EVP_sha1(), NULL) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "EVP_DigestInit_ex() failed"); ++ goto failed; ++ } ++ ++ if (EVP_DigestUpdate(&md, sess_ctx->data, sess_ctx->len) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "EVP_DigestUpdate() failed"); ++ goto failed; ++ } ++ ++ cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index); ++ ++ if (X509_digest(cert, EVP_sha1(), buf, &len) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "X509_digest() failed"); ++ goto failed; ++ } ++ ++ if (EVP_DigestUpdate(&md, buf, len) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "EVP_DigestUpdate() failed"); ++ goto failed; ++ } ++ ++ list = SSL_CTX_get_client_CA_list(ssl->ctx); ++ ++ if (list != NULL) { ++ n = sk_X509_NAME_num(list); ++ ++ for (i = 0; i < n; i++) { ++ name = sk_X509_NAME_value(list, i); ++ ++ if (X509_NAME_digest(name, EVP_sha1(), buf, &len) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "X509_NAME_digest() failed"); ++ goto failed; ++ } ++ ++ if (EVP_DigestUpdate(&md, buf, len) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "EVP_DigestUpdate() failed"); ++ goto failed; ++ } ++ } ++ } ++ ++ if (EVP_DigestFinal_ex(&md, buf, &len) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "EVP_DigestUpdate() failed"); ++ goto failed; ++ } ++ ++ EVP_MD_CTX_cleanup(&md); ++ ++ if (SSL_CTX_set_session_id_context(ssl->ctx, buf, len) == 0) { ++ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, ++ "SSL_CTX_set_session_id_context() failed"); ++ return NGX_ERROR; ++ } ++ ++ return NGX_OK; ++ ++failed: ++ ++ EVP_MD_CTX_cleanup(&md); ++ ++ return NGX_ERROR; + } + diff --git a/SOURCES/nginx-auto-cc-gcc.patch b/SOURCES/nginx-auto-cc-gcc.patch new file mode 100644 index 0000000..ff693dc --- /dev/null +++ b/SOURCES/nginx-auto-cc-gcc.patch @@ -0,0 +1,13 @@ +--- auto/cc/gcc.orig 2007-03-22 08:34:53.000000000 -0600 ++++ auto/cc/gcc 2007-03-22 08:58:47.000000000 -0600 +@@ -172,7 +172,9 @@ + + + # stop on warning +-CFLAGS="$CFLAGS -Werror" ++# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx ++# to not compile. ++#CFLAGS="$CFLAGS -Werror" + + # debug + CFLAGS="$CFLAGS -g" diff --git a/SOURCES/nginx-logo.png b/SOURCES/nginx-logo.png new file mode 100644 index 0000000..7406ba5 Binary files /dev/null and b/SOURCES/nginx-logo.png differ diff --git a/SOURCES/nginx.conf b/SOURCES/nginx.conf new file mode 100644 index 0000000..9c44f2a --- /dev/null +++ b/SOURCES/nginx.conf @@ -0,0 +1,131 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes 1; + +error_log $logdir/error.log; +#error_log $localstatedir/log/nginx/error.log notice; +#error_log $localstatedir/log/nginx/error.log info; + +pid $localstatedir/run/nginx/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include $sysconfdir/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log $logdir/access.log main; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include $sysconfdir/nginx/conf.d/*.conf; + + server { + listen 80; + server_name localhost; + + #charset koi8-r; + + #access_log $localstatedir/log/nginx/host.access.log main; + + location / { + root $datadir/nginx/html; + index index.html index.htm; + } + + # redirect server error pages to the static page /40x.html + # + error_page 404 /404.html; + location = /40x.html { + root $datadir/nginx/html; + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root $datadir/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + } + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443; + # server_name localhost; + + # ssl on; + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_timeout 5m; + + # ssl_protocols SSLv2 SSLv3 TLSv1; + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + +} diff --git a/SOURCES/nginx.init b/SOURCES/nginx.init new file mode 100644 index 0000000..2580c30 --- /dev/null +++ b/SOURCES/nginx.init @@ -0,0 +1,144 @@ +#!/bin/sh +# +# nginx - this script starts and stops the nginx daemon +# +# chkconfig: - 85 15 +# description: Nginx is an HTTP(S) server, HTTP(S) reverse \ +# proxy and IMAP/POP3 proxy server +# processname: nginx +# config: /etc/nginx/nginx.conf +# config: /etc/sysconfig/nginx +# pidfile: /var/run/nginx.pid + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ "$NETWORKING" = "no" ] && exit 0 + +nginx="$sbindir/nginx" +prog=$(basename $nginx) + +sysconfig="/etc/sysconfig/$scl$prog" +lockfile="$localstatedir/lock/subsys/nginx" +pidfile="$localstatedir/run/${prog}/${prog}.pid" + +NGINX_CONF_FILE="$sysconfdir/nginx/nginx.conf" + +[ -f $sysconfig ] && . $sysconfig + + +start() { + [ -x $nginx ] || exit 5 + [ -f $NGINX_CONF_FILE ] || exit 6 + echo -n $"Starting $prog: " + daemon $nginx -c $NGINX_CONF_FILE + retval=$? + echo + [ $retval -eq 0 ] && touch $lockfile + return $retval +} + +stop() { + echo -n $"Stopping $prog: " + killproc -p $pidfile $prog + retval=$? + echo + [ $retval -eq 0 ] && rm -f $lockfile + return $retval +} + +restart() { + configtest_q || return 6 + stop + start +} + +reload() { + configtest_q || return 6 + echo -n $"Reloading $prog: " + killproc -p $pidfile $prog -HUP + echo +} + +configtest() { + $nginx -t -c $NGINX_CONF_FILE +} + +configtest_q() { + $nginx -t -q -c $NGINX_CONF_FILE +} + +rh_status() { + status $prog +} + +rh_status_q() { + rh_status >/dev/null 2>&1 +} + +# Upgrade the binary with no downtime. +upgrade() { + local oldbin_pidfile="${pidfile}.oldbin" + + configtest_q || return 6 + echo -n $"Upgrading $prog: " + killproc -p $pidfile $prog -USR2 + retval=$? + sleep 1 + if [[ -f ${oldbin_pidfile} && -f ${pidfile} ]]; then + killproc -p $oldbin_pidfile $prog -QUIT + success $"$prog online upgrade" + echo + return 0 + else + failure $"$prog online upgrade" + echo + return 1 + fi +} + +# Tell nginx to reopen logs +reopen_logs() { + configtest_q || return 6 + echo -n $"Reopening $prog logs: " + killproc -p $pidfile $prog -USR1 + retval=$? + echo + return $retval +} + +case "$1" in + start) + rh_status_q && exit 0 + $1 + ;; + stop) + rh_status_q || exit 0 + $1 + ;; + restart|configtest|reopen_logs) + $1 + ;; + force-reload|upgrade) + rh_status_q || exit 7 + upgrade + ;; + reload) + rh_status_q || exit 7 + $1 + ;; + status|status_q) + rh_$1 + ;; + condrestart|try-restart) + rh_status_q || exit 7 + restart + ;; + *) + echo $"Usage: $0 {start|stop|reload|configtest|status|force-reload|upgrade|restart|reopen_logs}" + exit 2 +esac diff --git a/SOURCES/nginx.logrotate b/SOURCES/nginx.logrotate new file mode 100644 index 0000000..7ef3d0d --- /dev/null +++ b/SOURCES/nginx.logrotate @@ -0,0 +1,13 @@ +$logdir/*log { + create 0644 nginx nginx + daily + rotate 10 + missingok + notifempty + compress + sharedscripts + postrotate + /bin/kill -USR1 `cat $localstatedir/run/nginx.pid 2>/dev/null` 2>/dev/null || true + endscript +} + diff --git a/SOURCES/nginx.service b/SOURCES/nginx.service new file mode 100644 index 0000000..cf58248 --- /dev/null +++ b/SOURCES/nginx.service @@ -0,0 +1,15 @@ +[Unit] +Description=The nginx HTTP and reverse proxy server +After=syslog.target network.target remote-fs.target nss-lookup.target + +[Service] +Type=forking +PIDFile=$localstatedir/run/nginx/nginx.pid +ExecStartPre=$sbindir/nginx -t +ExecStart=$sbindir/nginx +ExecReload=/bin/kill -s HUP $MAINPID +ExecStop=/bin/kill -s QUIT $MAINPID +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/nginx.sysconfig b/SOURCES/nginx.sysconfig new file mode 100644 index 0000000..19bb3d2 --- /dev/null +++ b/SOURCES/nginx.sysconfig @@ -0,0 +1,4 @@ +# Configuration file for the nginx service + +# set this to the location of the nginx configuration file +NGINX_CONF_FILE=$sysconfdir/nginx/nginx.conf diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec new file mode 100644 index 0000000..28a3d49 --- /dev/null +++ b/SPECS/nginx.spec @@ -0,0 +1,609 @@ +%{?scl:%scl_package nginx} + +%define use_systemd 1 +%define use_geoip 0 +%define use_perl 0 +%global with_gperftools 0 + +%global _hardened_build 1 +%global nginx_user nginx +%global nginx_group %{nginx_user} +%global nginx_home %{_localstatedir}/lib/nginx +%global nginx_home_tmp %{nginx_home}/tmp +%global nginx_confdir %{_sysconfdir}/nginx +%global nginx_datadir %{_datadir}/nginx +%global nginx_logdir %{_root_localstatedir}/log/nginx16 +%global nginx_webroot %{nginx_datadir}/html + +Name: %{?scl:%scl_prefix}nginx +Epoch: 1 +Version: 1.6.1 +Release: 2%{?dist} + +Summary: A high performance web server and reverse proxy server +Group: System Environment/Daemons +# BSD License (two clause) +# http://www.freebsd.org/copyright/freebsd-license.html +License: BSD +URL: http://nginx.org/ + +Source0: http://nginx.org/download/nginx-%{version}.tar.gz +Source10: nginx.service +Source11: nginx.logrotate +Source12: nginx.conf +Source13: action-upgrade.sh +Source15: nginx.init +Source16: nginx.sysconfig +Source100: index.html +Source101: poweredby.png +Source102: nginx-logo.png +Source103: 404.html +Source104: 50x.html + +# removes -Werror in upstream build scripts. -Werror conflicts with +# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors. +Patch0: nginx-auto-cc-gcc.patch + +Patch1: nginx-1.6.1-CVE-2014-3616.patch + +# BuildRequires: GeoIP-devel +BuildRequires: gd-devel +%if 0%{?with_gperftools} +BuildRequires: gperftools-devel +%endif +BuildRequires: libxslt-devel +BuildRequires: openssl-devel +BuildRequires: pcre-devel +BuildRequires: perl-devel +BuildRequires: perl(ExtUtils::Embed) +BuildRequires: zlib-devel +%if 0%{?use_geoip} +Requires: GeoIP +%endif +Requires: gd +Requires: openssl +Requires: pcre +%if 0%{?use_perl} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +%endif +Requires(pre): shadow-utils +Provides: webserver + +%if %{use_systemd} +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +%else +Requires(post): chkconfig +Requires(preun): chkconfig, initscripts +Requires(postun): initscripts +%endif +Requires(post): policycoreutils-python libselinux-utils +%{?scl:Requires:%scl_runtime} + +%description +Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and +IMAP protocols, with a strong focus on high concurrency, performance and low +memory usage. + + +%prep +%setup -q -n nginx-%{version} +%patch0 -p0 +%patch1 -p1 -b .CVE20143616 + + +%build +# nginx does not utilize a standard configure script. It has its own +# and the standard configure options cause the nginx configure script +# to error out. This is is also the reason for the DESTDIR environment +# variable. +export DESTDIR=%{buildroot} +./configure \ + --prefix=%{nginx_datadir} \ + --sbin-path=%{_sbindir}/nginx \ + --conf-path=%{nginx_confdir}/nginx.conf \ + --error-log-path=%{nginx_logdir}/error.log \ + --http-log-path=%{nginx_logdir}/access.log \ + --http-client-body-temp-path=%{nginx_home_tmp}/client_body \ + --http-proxy-temp-path=%{nginx_home_tmp}/proxy \ + --http-fastcgi-temp-path=%{nginx_home_tmp}/fastcgi \ + --http-uwsgi-temp-path=%{nginx_home_tmp}/uwsgi \ + --http-scgi-temp-path=%{nginx_home_tmp}/scgi \ + --pid-path=%{_localstatedir}/run/nginx/nginx.pid \ + --lock-path=%{_localstatedir}/lock/subsys/nginx \ + --user=%{nginx_user} \ + --group=%{nginx_group} \ + --with-file-aio \ + --with-ipv6 \ + --with-http_ssl_module \ + --with-http_spdy_module \ + --with-http_realip_module \ + --with-http_addition_module \ + --with-http_xslt_module \ + --with-http_image_filter_module \ +%if 0%{?use_geoip} + --with-http_geoip_module \ +%endif + --with-http_sub_module \ + --with-http_dav_module \ + --with-http_flv_module \ + --with-http_mp4_module \ + --with-http_gunzip_module \ + --with-http_gzip_static_module \ + --with-http_random_index_module \ + --with-http_secure_link_module \ + --with-http_degradation_module \ + --with-http_stub_status_module \ +%if 0%{?use_perl} + --with-http_perl_module \ +%endif + --with-mail \ + --with-mail_ssl_module \ + --with-pcre \ +%if 0%{?with_gperftools} + --with-google_perftools_module \ +%endif + --with-debug \ + --with-cc-opt="%{optflags} $(pcre-config --cflags)" \ + --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols + +make %{?_smp_mflags} + + +%install +make install DESTDIR=%{buildroot} INSTALLDIRS=vendor + +find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; +find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; +find %{buildroot} -type f -empty -exec rm -f '{}' \; +find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; +%if %{use_systemd} +install -p -D -m 0644 %{SOURCE10} \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service + +sed -i 's|\$sbindir|%{_sbindir}|' \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}%{_unitdir}/%{?scl:%scl_prefix}nginx.service + +# Install action scripts +mkdir -p $RPM_BUILD_ROOT%{_root_libexecdir}/initscripts/legacy-actions/%{?scl:%scl_prefix}nginx +for f in upgrade; do + install -p -m 755 $RPM_SOURCE_DIR/action-${f}.sh \ + $RPM_BUILD_ROOT%{_root_libexecdir}/initscripts/legacy-actions/%{?scl:%scl_prefix}nginx/${f} + sed -i 's|\$nginxservice|%{?scl:%scl_prefix}nginx|' \ + $RPM_BUILD_ROOT%{_root_libexecdir}/initscripts/legacy-actions/%{?scl:%scl_prefix}nginx/${f} + sed -i 's|\$localstatedir|%{_localstatedir}|' \ + $RPM_BUILD_ROOT%{_root_libexecdir}/initscripts/legacy-actions/%{?scl:%scl_prefix}nginx/${f} +done + +%else +install -p -D -m 0755 %{SOURCE15} \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx + +sed -i 's|\$sbindir|%{_sbindir}|' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$sysconfdir|%{_sysconfdir}|' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$scl|%scl_prefix|' \ + %{buildroot}/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx + + +install -p -D -m 0644 %{SOURCE16} \ + %{buildroot}/etc/sysconfig/%{?scl:%scl_prefix}nginx + +sed -i 's|\$sysconfdir|%{_sysconfdir}|' \ + %{buildroot}/etc/sysconfig/%{?scl:%scl_prefix}nginx +%endif + +install -p -D -m 0644 %{SOURCE11} \ + %{buildroot}/etc/logrotate.d/%{?scl:%scl_prefix}nginx + +sed -i 's|\$logdir|%{nginx_logdir}|' \ + %{buildroot}/etc/logrotate.d/%{?scl:%scl_prefix}nginx +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}/etc/logrotate.d/%{?scl:%scl_prefix}nginx + +install -p -d -m 0755 %{buildroot}%{nginx_confdir}/conf.d +install -p -d -m 0700 %{buildroot}%{nginx_home} +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp} +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/client_body +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/proxy +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/fastcgi +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/uwsgi +install -p -d -m 0700 %{buildroot}%{nginx_home_tmp}/scgi +install -p -d -m 0700 %{buildroot}%{nginx_logdir} +install -p -d -m 0755 %{buildroot}%{nginx_webroot} + +install -p -m 0644 %{SOURCE12} \ + %{buildroot}%{nginx_confdir} + +# Change the nginx.conf paths +sed -i 's|\$datadir|%{_datadir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf +sed -i 's|\$sysconfdir|%{_sysconfdir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf +sed -i 's|\$localstatedir|%{_localstatedir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf +sed -i 's|\$logdir|%{nginx_logdir}|' \ + %{buildroot}%{nginx_confdir}/nginx.conf + +touch -r %{SOURCE12} %{buildroot}%{nginx_confdir}/nginx.conf + +install -p -m 0644 %{SOURCE100} \ + %{buildroot}%{nginx_webroot} +install -p -m 0644 %{SOURCE101} %{SOURCE102} \ + %{buildroot}%{nginx_webroot} +install -p -m 0644 %{SOURCE103} %{SOURCE104} \ + %{buildroot}%{nginx_webroot} + +install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \ + %{buildroot}%{_mandir}/man8/nginx.8 + +%if 0%{?scl:1} && 0%{?use_perl} +# pm man page is installed to bad directory for some reason... Move it to +# the proper one. +mkdir -p %{buildroot}%{_mandir}/man3/ +mv %{buildroot}/usr/share/man/man3/* %{buildroot}%{_mandir}/man3/ +%endif + +mkdir -p %{buildroot}%{_localstatedir}/run/nginx + +# Replaces variables in man page with proper values +sed -i 's|\%\%PREFIX\%\%|%{nginx_datadir}|' \ + %{buildroot}%{_mandir}/man8/nginx.8 +sed -i 's|\%\%PID_PATH\%\%|%{_localstatedir}/run/nginx/nginx.pid|' \ + %{buildroot}%{_mandir}/man8/nginx.8 +sed -i 's|\%\%CONF_PATH\%\%|%{nginx_confdir}/nginx.conf|' \ + %{buildroot}%{_mandir}/man8/nginx.8 +sed -i 's|\%\%ERROR_LOG_PATH\%\%|%{nginx_logdir}/error.log|' \ + %{buildroot}%{_mandir}/man8/nginx.8 + +%pre +getent group %{nginx_group} > /dev/null || groupadd -r %{nginx_group} +getent passwd %{nginx_user} > /dev/null || \ + useradd -r -d %{nginx_home} -g %{nginx_group} \ + -s /sbin/nologin -c "Nginx web server" %{nginx_user} +exit 0 + +%post +semanage fcontext -a -e /var/log/nginx %{nginx_logdir} >/dev/null 2>&1 || : +restorecon -R %{nginx_logdir} >/dev/null 2>&1 || : +%if %{use_systemd} +%systemd_post %{?scl:%scl_prefix}nginx.service +%else +if [ $1 -eq 1 ]; then + /sbin/chkconfig --add %{name} +fi +%endif +if [ $1 -eq 2 ]; then + # Make sure these directories are not world readable. + chmod 700 %{nginx_home} + chmod -R 700 %{nginx_home_tmp} + chmod 700 %{nginx_logdir} +fi + +%preun +%if %{use_systemd} +%systemd_preun %{?scl:%scl_prefix}nginx.service +%else +if [ $1 -eq 0 ]; then + /sbin/service %{name} stop >/dev/null 2>&1 + /sbin/chkconfig --del %{name} +fi +%endif + +%postun +%if %{use_systemd} +%systemd_postun %{?scl:%scl_prefix}nginx.service +%else +if [ $1 -eq 2 ]; then + /sbin/service %{name} upgrade || : +fi +%endif + +%files +%doc LICENSE CHANGES README +%{nginx_datadir}/ +%{_sbindir}/nginx +%if 0%{?use_perl} +%{_mandir}/man3/nginx.3pm* +%endif +%{_mandir}/man8/nginx.8* +%if %{use_systemd} +%{_unitdir}/%{?scl:%scl_prefix}nginx.service +%dir %{_root_libexecdir}/initscripts/legacy-actions/%{?scl:%scl_prefix}nginx +%{_root_libexecdir}/initscripts/legacy-actions/%{?scl:%scl_prefix}nginx/* +%else +/etc/rc.d/init.d/%{?scl:%scl_prefix}nginx +%config(noreplace) /etc/sysconfig/%{?scl:%scl_prefix}nginx +%endif +%dir %{nginx_confdir} +%dir %{nginx_confdir}/conf.d +%config(noreplace) %{nginx_confdir}/fastcgi.conf +%config(noreplace) %{nginx_confdir}/fastcgi.conf.default +%config(noreplace) %{nginx_confdir}/fastcgi_params +%config(noreplace) %{nginx_confdir}/fastcgi_params.default +%config(noreplace) %{nginx_confdir}/koi-utf +%config(noreplace) %{nginx_confdir}/koi-win +%config(noreplace) %{nginx_confdir}/mime.types +%config(noreplace) %{nginx_confdir}/mime.types.default +%config(noreplace) %{nginx_confdir}/nginx.conf +%config(noreplace) %{nginx_confdir}/nginx.conf.default +%config(noreplace) %{nginx_confdir}/scgi_params +%config(noreplace) %{nginx_confdir}/scgi_params.default +%config(noreplace) %{nginx_confdir}/uwsgi_params +%config(noreplace) %{nginx_confdir}/uwsgi_params.default +%config(noreplace) %{nginx_confdir}/win-utf +%config(noreplace) /etc/logrotate.d/%{?scl:%scl_prefix}nginx +%if 0%{?use_perl} +%dir %{perl_vendorarch}/auto/nginx +%{perl_vendorarch}/nginx.pm +%{perl_vendorarch}/auto/nginx/nginx.so +%endif +%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_home} +%attr(700,%{nginx_user},%{nginx_group}) %{nginx_home_tmp} +%attr(700,%{nginx_user},%{nginx_group}) %dir %{nginx_logdir} +%attr(700,%{nginx_user},%{nginx_group}) %dir %{_localstatedir}/run/nginx + +%changelog +* Wed Sep 17 2014 Jan Kaluza - 1:1.6.1-2 +- prevent SSL session reuse in unrelated server{} blocks (CVE-2014-3616) + +* Wed Aug 06 2014 Jan Kaluza - 1:1.6.1-1 +- update to 1.6.1 (CVE-2014-3556) + +* Tue Jun 24 2014 Jan Kaluza - 1:1.6.0-2 +- rebuild because of rename to nginx16 + +* Mon Jun 9 2014 Joe Orton - 1:1.6.0-1 +- update to 1.6.0 (#1101921) + +* Tue Mar 4 2014 Joe Orton - 1:1.4.4-10 +- run restorecon in %%post for #1072266 + +* Tue Mar 4 2014 Joe Orton - 1:1.4.4-9 +- fix SELinux context for log directory (#1072266) + +* Thu Feb 20 2014 Jan Kaluza - 1:1.4.4-8 +- update poweredby logo and show it on default pages (#1065981) + +* Tue Feb 18 2014 Jan Kaluza - 1:1.4.4-7 +- correct 404 and 50x error pages (#1065981) +- use initscripts legacy actions for nginx-upgrade (#1065981) +- expand nginx man page variables (#1066056) + +* Mon Jan 06 2014 Jan Kaluza - 1:1.4.4-6 +- create temp subdirectories in nginx_home_tmp during installation (#1040470) + +* Tue Nov 26 2013 Joe Orton - 1:1.4.4-5 +- further default config tweak + +* Tue Nov 26 2013 Joe Orton - 1:1.4.4-4 +- update config file for log directory + +* Tue Nov 26 2013 Joe Orton - 1:1.4.4-3 +- change log directory + +* Tue Nov 19 2013 Joe Orton - 1:1.4.4-1 +- update to 1.4.4 (CVE-2013-4547) + +* Mon Nov 18 2013 Jan Kaluza - 1:1.4.2-6 +- require scl_runtime + +* Mon Nov 18 2013 Jan Kaluza - 1:1.4.2-5 +- improved index.html + +* Mon Nov 18 2013 Jan Kaluza - 1:1.4.2-4 +- support for software collections + +* Fri Aug 09 2013 Jonathan Steffan - 1:1.4.2-3 +- Add in conditionals to build for non-systemd targets + +* Sat Aug 03 2013 Petr Pisar - 1:1.4.2-2 +- Perl 5.18 rebuild + +* Fri Jul 19 2013 Jamie Nguyen - 1:1.4.2-1 +- update to upstream release 1.4.2 + +* Wed Jul 17 2013 Petr Pisar - 1:1.4.1-3 +- Perl 5.18 rebuild + +* Tue Jun 11 2013 Remi Collet - 1:1.4.1-2 +- rebuild for new GD 2.1.0 + +* Tue May 07 2013 Jamie Nguyen - 1:1.4.1-1 +- update to upstream release 1.4.1 (#960605, #960606): + CVE-2013-2028 stack-based buffer overflow when handling certain chunked + transfer encoding requests + +* Sun Apr 28 2013 Dan Horák - 1:1.4.0-2 +- gperftools exist only on selected arches + +* Fri Apr 26 2013 Jamie Nguyen - 1:1.4.0-1 +- update to upstream release 1.4.0 +- enable SPDY module (new in this version) +- enable http gunzip module (new in this version) +- enable google perftools module and add gperftools-devel to BR +- enable debugging (#956845) +- trim changelog + +* Tue Apr 02 2013 Jamie Nguyen - 1:1.2.8-1 +- update to upstream release 1.2.8 + +* Fri Feb 22 2013 Jamie Nguyen - 1:1.2.7-2 +- make sure nginx directories are not world readable (#913724, #913735) + +* Sat Feb 16 2013 Jamie Nguyen - 1:1.2.7-1 +- update to upstream release 1.2.7 +- add .asc file + +* Tue Feb 05 2013 Jamie Nguyen - 1:1.2.6-6 +- use 'kill' instead of 'systemctl' when rotating log files to workaround + SELinux issue (#889151) + +* Wed Jan 23 2013 Jamie Nguyen - 1:1.2.6-5 +- uncomment "include /etc/nginx/conf.d/*.conf by default but leave the + conf.d directory empty (#903065) + +* Wed Jan 23 2013 Jamie Nguyen - 1:1.2.6-4 +- add comment in nginx.conf regarding "include /etc/nginf/conf.d/*.conf" + (#903065) + +* Wed Dec 19 2012 Jamie Nguyen - 1:1.2.6-3 +- use correct file ownership when rotating log files + +* Tue Dec 18 2012 Jamie Nguyen - 1:1.2.6-2 +- send correct kill signal and use correct file permissions when rotating + log files (#888225) +- send correct kill signal in nginx-upgrade + +* Tue Dec 11 2012 Jamie Nguyen - 1:1.2.6-1 +- update to upstream release 1.2.6 + +* Sat Nov 17 2012 Jamie Nguyen - 1:1.2.5-1 +- update to upstream release 1.2.5 + +* Sun Oct 28 2012 Jamie Nguyen - 1:1.2.4-1 +- update to upstream release 1.2.4 +- introduce new systemd-rpm macros (#850228) +- link to official documentation not the community wiki (#870733) +- do not run systemctl try-restart after package upgrade to allow the + administrator to run nginx-upgrade and avoid downtime +- add nginx man page (#870738) +- add nginx-upgrade man page and remove README.fedora +- remove chkconfig from Requires(post/preun) +- remove initscripts from Requires(preun/postun) +- remove separate configuration files in "/etc/nginx/conf.d" directory + and revert to upstream default of a centralized nginx.conf file + (#803635) (#842738) + +* Fri Sep 21 2012 Jamie Nguyen - 1:1.2.3-1 +- update to upstream release 1.2.3 + +* Fri Jul 20 2012 Fedora Release Engineering - 1:1.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Jun 28 2012 Petr Pisar - 1:1.2.1-2 +- Perl 5.16 rebuild + +* Sun Jun 10 2012 Jamie Nguyen - 1:1.2.1-1 +- update to upstream release 1.2.1 + +* Fri Jun 08 2012 Petr Pisar - 1:1.2.0-2 +- Perl 5.16 rebuild + +* Wed May 16 2012 Jamie Nguyen - 1:1.2.0-1 +- update to upstream release 1.2.0 + +* Wed May 16 2012 Jamie Nguyen - 1:1.0.15-4 +- add nginx-upgrade to replace functionality from the nginx initscript + that was lost after migration to systemd +- add README.fedora to describe usage of nginx-upgrade +- nginx.logrotate: use built-in systemd kill command in postrotate script +- nginx.service: start after syslog.target and network.target +- nginx.service: remove unnecessary references to config file location +- nginx.service: use /bin/kill instead of "/usr/sbin/nginx -s" following + advice from nginx-devel +- nginx.service: use private /tmp + +* Mon May 14 2012 Jamie Nguyen - 1:1.0.15-3 +- fix incorrect postrotate script in nginx.logrotate + +* Thu Apr 19 2012 Jamie Nguyen - 1:1.0.15-2 +- renable auto-cc-gcc patch due to warnings on rawhide + +* Sat Apr 14 2012 Jamie Nguyen - 1:1.0.15-1 +- update to upstream release 1.0.15 +- no need to apply auto-cc-gcc patch +- add %%global _hardened_build 1 + +* Thu Mar 15 2012 Jamie Nguyen - 1:1.0.14-1 +- update to upstream release 1.0.14 +- amend some %%changelog formatting + +* Tue Mar 06 2012 Jamie Nguyen - 1:1.0.13-1 +- update to upstream release 1.0.13 +- amend --pid-path and --log-path + +* Sun Mar 04 2012 Jamie Nguyen - 1:1.0.12-5 +- change pid path in nginx.conf to match systemd service file + +* Sun Mar 04 2012 Jamie Nguyen - 1:1.0.12-3 +- fix %%pre scriptlet + +* Mon Feb 20 2012 Jamie Nguyen - 1:1.0.12-2 +- update upstream URL +- replace %%define with %%global +- remove obsolete BuildRoot tag, %%clean section and %%defattr +- remove various unnecessary commands +- add systemd service file and update scriptlets +- add Epoch to accommodate %%triggerun as part of systemd migration + +* Sun Feb 19 2012 Jeremy Hinegardner - 1.0.12-1 +- Update to 1.0.12 + +* Thu Nov 17 2011 Keiran "Affix" Smith - 1.0.10-1 +- Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes. +- Bugfix: in cache key calculation if internal MD5 implementation wasused; the bug had appeared in 1.0.4. +- Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora. + +* Thu Oct 27 2011 Keiran "Affix" Smith - 1.0.8-1 +- Update to new 1.0.8 stable release + +* Fri Aug 26 2011 Keiran "Affix" Smith - 1.0.5-1 +- Update nginx to Latest Stable Release + +* Fri Jun 17 2011 Marcela Mašláňová - 1.0.0-3 +- Perl mass rebuild + +* Thu Jun 09 2011 Marcela Mašláňová - 1.0.0-2 +- Perl 5.14 mass rebuild + +* Wed Apr 27 2011 Jeremy Hinegardner - 1.0.0-1 +- Update to 1.0.0 + +* Tue Feb 08 2011 Fedora Release Engineering - 0.8.53-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53.5 +- Extract out default config into its own file (bug #635776) + +* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-4 +- Revert ownership of log dir + +* Sun Dec 12 2010 Jeremy Hinegardner - 0.8.53-3 +- Change ownership of /var/log/nginx to be 0700 nginx:nginx +- update init script to use killproc -p +- add reopen_logs command to init script +- update init script to use nginx -q option + +* Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-2 +- Fix linking of perl module + +* Sun Oct 31 2010 Jeremy Hinegardner - 0.8.53-1 +- Update to new stable 0.8.53 + +* Sat Jul 31 2010 Jeremy Hinegardner - 0.7.67-2 +- add Provides: webserver (bug #619693) + +* Sun Jun 20 2010 Jeremy Hinegardner - 0.7.67-1 +- Update to new stable 0.7.67 +- fix bugzilla #591543 + +* Tue Jun 01 2010 Marcela Maslanova - 0.7.65-2 +- Mass rebuild with perl-5.12.0 + +* Mon Feb 15 2010 Jeremy Hinegardner - 0.7.65-1 +- Update to new stable 0.7.65 +- change ownership of logdir to root:root +- add support for ipv6 (bug #561248) +- add random_index_module +- add secure_link_module + +* Fri Dec 04 2009 Jeremy Hinegardner - 0.7.64-1 +- Update to new stable 0.7.64