New Nginx package including ldap auth module

2018-04-14 22:38:17 +02:00
parent 1ac601ec64
commit 98e9a68f8c
2 changed files with 473 additions and 0 deletions
--- a/fedora/SPECS/haproxy.spec
+++ b/fedora/SPECS/haproxy.spec
@@ -116,6 +116,9 @@ exit 0
 %postun
 %systemd_postun_with_restart %{name}.service

+%clean
+[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}
+
 %files
 %defattr(-,root,root,-)
 %doc doc/* examples/*
--- a/fedora/SPECS/nginx.spec
+++ b/fedora/SPECS/nginx.spec
@@ -0,0 +1,470 @@
+%global  _hardened_build     1
+%global  nginx_user          nginx
+%global  with_ldap_module    1
+
+# gperftools exist only on selected arches
+%ifnarch s390 s390x
+%global with_gperftools 1
+%endif
+
+%global with_aio 1
+
+%if 0%{?fedora} > 22
+%global with_mailcap_mimetypes 1
+%endif
+
+Name:              nginx
+Epoch:             1
+Version:           1.13.12
+Release:           2%{?dist}
+
+Summary:           A high performance web server and reverse proxy server
+Group:             System Environment/Daemons
+# BSD License (two clause)
+# http://www.freebsd.org/copyright/freebsd-license.html
+License:           BSD
+URL:               http://nginx.org/
+
+Source0:           https://nginx.org/download/nginx-%{version}.tar.gz
+Source1:           ngx_http_auth_ldap_module.tar.gz
+Source10:          nginx.service
+Source11:          nginx.logrotate
+Source12:          nginx.conf
+Source13:          nginx-upgrade
+Source14:          nginx-upgrade.8
+Source100:         index.html
+Source101:         poweredby.png
+Source102:         nginx-logo.png
+Source103:         404.html
+Source104:         50x.html
+Source200:         README.dynamic
+Source210:         UPGRADE-NOTES-1.6-to-1.10
+
+# removes -Werror in upstream build scripts.  -Werror conflicts with
+# -D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
+Patch0:            nginx-auto-cc-gcc.patch
+
+%if 0%{?with_gperftools}
+BuildRequires:     gperftools-devel
+%endif
+BuildRequires:     openssl-devel
+BuildRequires:     pcre-devel
+BuildRequires:     zlib-devel
+
+Requires:          nginx-filesystem = %{epoch}:%{version}-%{release}
+
+%if 0%{?rhel} || 0%{?fedora} < 24
+# Introduced at 1:1.10.0-1 to ease upgrade path. To be removed later.
+Requires:          nginx-all-modules = %{epoch}:%{version}-%{release}
+%endif
+
+Requires:          openssl
+Requires:          pcre
+Requires(pre):     nginx-filesystem
+%if 0%{?with_mailcap_mimetypes}
+Requires:          nginx-mimetypes
+%endif
+Provides:          webserver
+
+BuildRequires:     systemd
+Requires(post):    systemd
+Requires(preun):   systemd
+Requires(postun):  systemd
+
+%description
+Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
+IMAP protocols, with a strong focus on high concurrency, performance and low
+memory usage.
+
+%package all-modules
+Group:             System Environment/Daemons
+Summary:           A meta package that installs all available Nginx modules
+BuildArch:         noarch
+
+Requires:          nginx-mod-http-geoip = %{epoch}:%{version}-%{release}
+Requires:          nginx-mod-http-image-filter = %{epoch}:%{version}-%{release}
+Requires:          nginx-mod-http-perl = %{epoch}:%{version}-%{release}
+Requires:          nginx-mod-http-xslt-filter = %{epoch}:%{version}-%{release}
+Requires:          nginx-mod-mail = %{epoch}:%{version}-%{release}
+Requires:          nginx-mod-stream = %{epoch}:%{version}-%{release}
+
+%description all-modules
+%{summary}.
+%if 0%{?rhel}
+The main nginx package depends on this to ease the upgrade path. After a grace
+period of several months, modules will become optional.
+%endif
+%if 0%{?fedora} && 0%{?fedora} < 24
+The main nginx package depends on this to ease the upgrade path. Starting from
+Fedora 24, modules are optional.
+%endif
+
+%package filesystem
+Group:             System Environment/Daemons
+Summary:           The basic directory layout for the Nginx server
+BuildArch:         noarch
+Requires(pre):     shadow-utils
+
+%description filesystem
+The nginx-filesystem package contains the basic directory layout
+for the Nginx server including the correct permissions for the
+directories.
+
+%package mod-http-geoip
+Group:             System Environment/Daemons
+Summary:           Nginx HTTP geoip module
+BuildRequires:     GeoIP-devel
+Requires:          nginx
+Requires:          GeoIP
+
+%description mod-http-geoip
+%{summary}.
+
+%package mod-http-image-filter
+Group:             System Environment/Daemons
+Summary:           Nginx HTTP image filter module
+BuildRequires:     gd-devel
+Requires:          nginx
+Requires:          gd
+
+%description mod-http-image-filter
+%{summary}.
+
+%package mod-http-perl
+Group:             System Environment/Daemons
+Summary:           Nginx HTTP perl module
+BuildRequires:     perl-devel
+%if 0%{?fedora} >= 24
+BuildRequires:     perl-generators
+%endif
+BuildRequires:     perl(ExtUtils::Embed)
+Requires:          nginx
+Requires:          perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+
+%description mod-http-perl
+%{summary}.
+
+%package mod-http-xslt-filter
+Group:             System Environment/Daemons
+Summary:           Nginx XSLT module
+BuildRequires:     libxslt-devel
+Requires:          nginx
+
+%description mod-http-xslt-filter
+%{summary}.
+
+%package mod-mail
+Group:             System Environment/Daemons
+Summary:           Nginx mail modules
+Requires:          nginx
+
+%description mod-mail
+%{summary}.
+
+%package mod-stream
+Group:             System Environment/Daemons
+Summary:           Nginx stream modules
+Requires:          nginx
+
+%description mod-stream
+%{summary}.
+
+ %if 0%{?with_ldap_module}
+%package mod-auth-ldap
+Group:             System Environment/Daemons
+Summary:           Nginx ldap auth modules
+Requires:          nginx
+BuildRequires:     openldap-devel
+
+%description mod-auth-ldap
+LDAP auth module for nginx
+%endif
+
+
+%prep
+%if 0%{?with_ldap_module}
+%setup -q -b 1 -n ngx_http_auth_ldap_module
+%endif
+%setup -q
+%patch0 -p0
+cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
+
+%if 0%{?rhel} > 0 && 0%{?rhel} < 8
+sed -i -e 's#KillMode=.*#KillMode=process#g' nginx.service
+sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' nginx.conf
+%endif
+
+
+%build
+# nginx does not utilize a standard configure script.  It has its own
+# and the standard configure options cause the nginx configure script
+# to error out.  This is is also the reason for the DESTDIR environment
+# variable.
+export DESTDIR=%{buildroot}
+./configure \
+    --prefix=%{_datadir}/nginx \
+    --sbin-path=%{_sbindir}/nginx \
+    --modules-path=%{_libdir}/nginx/modules \
+    --conf-path=%{_sysconfdir}/nginx/nginx.conf \
+    --error-log-path=%{_localstatedir}/log/nginx/error.log \
+    --http-log-path=%{_localstatedir}/log/nginx/access.log \
+    --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \
+    --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \
+    --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \
+    --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \
+    --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \
+    --pid-path=/run/nginx.pid \
+    --lock-path=/run/lock/subsys/nginx \
+    --user=%{nginx_user} \
+    --group=%{nginx_user} \
+%if 0%{?with_aio}
+    --with-file-aio \
+%endif
+    --with-ipv6 \
+    --with-http_ssl_module \
+    --with-http_v2_module \
+    --with-http_realip_module \
+    --with-http_addition_module \
+    --with-http_xslt_module=dynamic \
+    --with-http_image_filter_module=dynamic \
+    --with-http_geoip_module=dynamic \
+    --with-http_sub_module \
+    --with-http_dav_module \
+    --with-http_flv_module \
+    --with-http_mp4_module \
+    --with-http_gunzip_module \
+    --with-http_gzip_static_module \
+    --with-http_random_index_module \
+    --with-http_secure_link_module \
+    --with-http_degradation_module \
+    --with-http_slice_module \
+    --with-http_stub_status_module \
+    --with-http_perl_module=dynamic \
+    --with-http_auth_request_module \
+    --with-mail=dynamic \
+    --with-mail_ssl_module \
+    --with-pcre \
+    --with-pcre-jit \
+    --with-stream=dynamic \
+    --with-stream_ssl_module \
+%if 0%{?with_gperftools}
+    --with-google_perftools_module \
+%endif
+%if 0%{?with_ldap_module}
+    --add-dynamic-module=%{_builddir}/ngx_http_auth_ldap_module \
+%endif
+    --with-debug \
+    --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
+    --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" # so the perl module finds its symbols
+
+make %{?_smp_mflags}
+
+
+%install
+make install DESTDIR=%{buildroot} INSTALLDIRS=vendor
+
+find %{buildroot} -type f -name .packlist -exec rm -f '{}' \;
+find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \;
+find %{buildroot} -type f -empty -exec rm -f '{}' \;
+find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \;
+
+install -p -D -m 0644 ./nginx.service \
+    %{buildroot}%{_unitdir}/nginx.service
+install -p -D -m 0644 %{SOURCE11} \
+    %{buildroot}%{_sysconfdir}/logrotate.d/nginx
+
+install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d
+install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d
+
+install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx
+install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp
+install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx
+
+install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html
+install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules
+install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules
+
+%if 0%{?with_ldap_module}
+install -m 0755 ./objs/ngx_http_auth_ldap_module.so %{buildroot}%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so
+install -p -D -m 0644 %{_builddir}/ngx_http_auth_ldap_module/example.conf %{buildroot}%{_defaultdocdir}/%{name}/auth_ldap_example.conf
+%endif
+
+install -p -m 0644 ./nginx.conf \
+    %{buildroot}%{_sysconfdir}/nginx
+install -p -m 0644 %{SOURCE100} \
+    %{buildroot}%{_datadir}/nginx/html
+install -p -m 0644 %{SOURCE101} %{SOURCE102} \
+    %{buildroot}%{_datadir}/nginx/html
+install -p -m 0644 %{SOURCE103} %{SOURCE104} \
+    %{buildroot}%{_datadir}/nginx/html
+
+%if 0%{?with_mailcap_mimetypes}
+rm -f %{buildroot}%{_sysconfdir}/nginx/mime.types
+%endif
+
+install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \
+    %{buildroot}%{_mandir}/man8/nginx.8
+
+install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade
+install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8
+
+for i in ftdetect indent syntax; do
+    install -p -D -m644 contrib/vim/${i}/nginx.vim \
+        %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim
+done
+
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf
+%if 0%{?with_ldap_module}
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-http_auth-ldap.conf
+%endif
+
+%pre filesystem
+getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
+getent passwd %{nginx_user} > /dev/null || \
+    useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
+    -s /sbin/nologin -c "Nginx web server" %{nginx_user}
+exit 0
+
+%post
+%systemd_post nginx.service
+
+%post mod-http-geoip
+if [ $1 -eq 1 ]; then
+    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-http-image-filter
+if [ $1 -eq 1 ]; then
+    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-http-perl
+if [ $1 -eq 1 ]; then
+    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-http-xslt-filter
+if [ $1 -eq 1 ]; then
+    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-mail
+if [ $1 -eq 1 ]; then
+    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%post mod-stream
+if [ $1 -eq 1 ]; then
+    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
+%preun
+%systemd_preun nginx.service
+
+%postun
+%systemd_postun nginx.service
+if [ $1 -ge 1 ]; then
+    /usr/bin/nginx-upgrade >/dev/null 2>&1 || :
+fi
+
+%files
+%license LICENSE
+%doc CHANGES README README.dynamic
+%if 0%{?rhel} == 7
+%doc UPGRADE-NOTES-1.6-to-1.10
+%endif
+%{_datadir}/nginx/html/*
+%{_bindir}/nginx-upgrade
+%{_sbindir}/nginx
+%{_datadir}/vim/vimfiles/ftdetect/nginx.vim
+%{_datadir}/vim/vimfiles/syntax/nginx.vim
+%{_datadir}/vim/vimfiles/indent/nginx.vim
+%{_mandir}/man3/nginx.3pm*
+%{_mandir}/man8/nginx.8*
+%{_mandir}/man8/nginx-upgrade.8*
+%{_unitdir}/nginx.service
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params
+%config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default
+%config(noreplace) %{_sysconfdir}/nginx/koi-utf
+%config(noreplace) %{_sysconfdir}/nginx/koi-win
+%if ! 0%{?with_mailcap_mimetypes}
+%config(noreplace) %{_sysconfdir}/nginx/mime.types
+%endif
+%config(noreplace) %{_sysconfdir}/nginx/mime.types.default
+%config(noreplace) %{_sysconfdir}/nginx/nginx.conf
+%config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default
+%config(noreplace) %{_sysconfdir}/nginx/scgi_params
+%config(noreplace) %{_sysconfdir}/nginx/scgi_params.default
+%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params
+%config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default
+%config(noreplace) %{_sysconfdir}/nginx/win-utf
+%config(noreplace) %{_sysconfdir}/logrotate.d/nginx
+%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx
+%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp
+%attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx
+%dir %{_libdir}/nginx/modules
+
+%files all-modules
+
+%files filesystem
+%dir %{_datadir}/nginx
+%dir %{_datadir}/nginx/html
+%dir %{_sysconfdir}/nginx
+%dir %{_sysconfdir}/nginx/conf.d
+%dir %{_sysconfdir}/nginx/default.d
+
+%files mod-http-geoip
+%{_datadir}/nginx/modules/mod-http-geoip.conf
+%{_libdir}/nginx/modules/ngx_http_geoip_module.so
+
+%files mod-http-image-filter
+%{_datadir}/nginx/modules/mod-http-image-filter.conf
+%{_libdir}/nginx/modules/ngx_http_image_filter_module.so
+
+%files mod-http-perl
+%{_datadir}/nginx/modules/mod-http-perl.conf
+%{_libdir}/nginx/modules/ngx_http_perl_module.so
+%dir %{perl_vendorarch}/auto/nginx
+%{perl_vendorarch}/nginx.pm
+%{perl_vendorarch}/auto/nginx/nginx.so
+
+%files mod-http-xslt-filter
+%{_datadir}/nginx/modules/mod-http-xslt-filter.conf
+%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so
+
+%files mod-mail
+%{_datadir}/nginx/modules/mod-mail.conf
+%{_libdir}/nginx/modules/ngx_mail_module.so
+
+%files mod-stream
+%{_datadir}/nginx/modules/mod-stream.conf
+%{_libdir}/nginx/modules/ngx_stream_module.so
+
+%if 0%{?with_ldap_module}
+%files mod-auth-ldap
+%{_datadir}/nginx/modules/mod-http_auth-ldap.conf
+%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so
+%{_defaultdocdir}/%{name}/auth_ldap_example.conf
+%endif
+
+%clean
+[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}
+
+%changelog
+* Sat Apr 14 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-2
+- Auth-ldap module added for basic auth over LDAP.
+