%global _hardened_build 1 %global nginx_user nginx %global openssl_version 1.1.0g %global rtmp_version 1.2.0 %global headers_more_version 0.32 %global nchan_version 1.1.7 %global brotli_version git+222564a %global nginx_ct_version 1.3.2 %global pcre_version 8.41 %global zlib_version 1.2.11 Name: nginx-openssl Version: 1.13.6 Release: 1%{?dist} Summary: Nginx web server and reverse proxy server with openssl Group: System Environment/Daemons # BSD License (two clause) # http://www.freebsd.org/copyright/freebsd-license.html License: BSD URL: http://nginx.org/ Source0: https://nginx.org/download/nginx-%{version}.tar.gz Source1: https://nginx.org/download/nginx-%{version}.tar.gz.asc Source2: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz Source3: https://github.com/grahamedgecombe/nginx-ct/archive/nginx-ct-%{nginx_ct_version}.tar.gz Source4: https://github.com/arut/nginx-rtmp-module/archive/nginx-rtmp-module-%{rtmp_version}.tar.gz Source5: https://github.com/openresty/headers-more-nginx-module/archive/headers-more-nginx-module-%{headers_more_version}.tar.gz Source6: ngx_brotli-%{brotli_version}.tar.xz Source7: http://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-%{pcre_version}.tar.gz Source8: http://zlib.net/zlib-%{zlib_version}.tar.gz Source9: https://github.com/slact/nchan/archive/nchan-v%{nchan_version}.tar.gz Source10: nginx.service Source11: nginx.logrotate Source12: nginx.conf Source13: nginx-upgrade Source14: nginx-upgrade.8 Source15: nginx-mime.types BuildRequires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd ExclusiveArch: x86_64 Requires: %{name}-filesystem = %{version}-%{release} Provides: nginx = %{version} Provides: bundled(zlib) = %{zlib_version} Provides: bundled(pcre) = %{pcre_version} Provides: bundled(openssl-lib) = %{openssl_version} Conflicts: nginx-boringssl Conflicts: nginx-libressl Conflicts: nginx-wolfssl %description Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. This package uses OpenSSL for SSL/TLS. %package all-modules Group: System Environment/Daemons Summary: A meta package that installs all available Nginx modules BuildArch: noarch Requires: %{name}-mod-ct = %{version}-%{release} Requires: %{name}-mod-http-geoip = %{version}-%{release} Requires: %{name}-mod-http-headers-more-filter = %{version}-%{release} Requires: %{name}-mod-http-image-filter = %{version}-%{release} Requires: %{name}-mod-http-perl = %{version}-%{release} Requires: %{name}-mod-http-xslt-filter = %{version}-%{release} Requires: %{name}-mod-mail = %{version}-%{release} Requires: %{name}-mod-nchan = %{version}-%{release} Requires: %{name}-mod-rtmp = %{version}-%{release} Requires: %{name}-mod-stream = %{version}-%{release} Requires: %{name}-mod-stream-geoip = %{version}-%{release} %description all-modules %{summary}. %package mod-ct Group: System Environment/Daemons Summary: Nginx HTTP Certificate Transparency module URL: https://github.com/grahamedgecombe/nginx-ct Requires: %{name} %description mod-ct %{summary}. %package filesystem Group: System Environment/Daemons Summary: The basic directory layout for the Nginx server BuildArch: noarch Requires: %{name} Requires(pre): shadow-utils %description filesystem The nginx-filesystem package contains the basic directory layout for the Nginx server including the correct permissions for the directories. %package mod-http-geoip Group: System Environment/Daemons Summary: Nginx HTTP geoip module URL: https://nginx.org/en/docs/http/ngx_http_geoip_module.html BuildRequires: GeoIP-devel Requires: %{name} Requires: GeoIP %description mod-http-geoip %{summary}. %package mod-http-headers-more-filter Group: System Environment/Daemons Summary: Nginx HTTP Headers more module URL: https://github.com/openresty/headers-more-nginx-module Requires: %{name} %description mod-http-headers-more-filter %{summary}. %package mod-http-image-filter Group: System Environment/Daemons Summary: Nginx HTTP image filter module URL: https://nginx.org/en/docs/http/ngx_http_image_filter_module.html BuildRequires: gd-devel Requires: %{name} Requires: gd %description mod-http-image-filter %{summary}. %package mod-http-xslt-filter Group: System Environment/Daemons Summary: Nginx XSLT module URL: https://nginx.org/en/docs/http/ngx_http_xslt_module.html BuildRequires: libxslt-devel Requires: %{name} %description mod-http-xslt-filter %{summary}. %package mod-http-perl Group: System Environment/Daemons Summary: Nginx HTTP perl module URL: https://nginx.org/en/docs/http/ngx_http_perl_module.html BuildRequires: perl-devel %if 0%{?fedora} >= 24 BuildRequires: perl-generators %endif BuildRequires: perl(ExtUtils::Embed) Requires: %{name} Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %description mod-http-perl %{summary}. %package mod-mail Group: System Environment/Daemons Summary: Nginx mail modules URL: https://nginx.org/en/docs/mail/ngx_mail_core_module.html Requires: %{name} %description mod-mail %{summary}. %package mod-nchan Group: System Environment/Daemons Summary: Nginx nchan module URL: https://nchan.io/ Requires: %{name} %description mod-nchan %{summary}. %package mod-rtmp Group: System Environment/Daemons Summary: Nginx rtmp module URL: https://github.com/arut/nginx-rtmp-module Requires: %{name} %description mod-rtmp %{summary}. %package mod-stream Group: System Environment/Daemons Summary: Nginx stream modules URL: https://nginx.org/en/docs/stream/ngx_stream_core_module.html Requires: %{name} %description mod-stream %{summary}. %package mod-stream-geoip Group: System Environment/Daemons Summary: Nginx stream GeoIP modules URL: https://nginx.org/en/docs/stream/ngx_stream_geoip_module.html BuildRequires: GeoIP-devel Requires: %{name}-mod-stream Requires: GeoIP %description mod-stream-geoip %{summary}. When using this modules, load %{name}-mod-stream before this one. %prep %setup -q -n nginx-%{version} -b 2 -b 3 -b 4 -b 5 -b 6 -b 7 -b 8 -b 9 %if 0%{?rhel} < 8 sed -i -e 's#KillMode=.*#KillMode=process#g' %{SOURCE10} sed -i -e 's#PROFILE=SYSTEM#HIGH:!aNULL:!MD5#' %{SOURCE12} %endif %build # nginx does not utilize a standard configure script. It has its own # and the standard configure options cause the nginx configure script # to error out. This is is also the reason for the DESTDIR environment # variable. export DESTDIR=%{buildroot} ./configure \ --prefix=%{_datadir}/nginx \ --sbin-path=%{_sbindir}/nginx \ --modules-path=%{_libdir}/nginx/modules \ --conf-path=%{_sysconfdir}/nginx/nginx.conf \ --error-log-path=%{_localstatedir}/log/nginx/error.log \ --http-log-path=%{_localstatedir}/log/nginx/access.log \ --http-client-body-temp-path=%{_localstatedir}/lib/nginx/tmp/client_body \ --http-proxy-temp-path=%{_localstatedir}/lib/nginx/tmp/proxy \ --http-fastcgi-temp-path=%{_localstatedir}/lib/nginx/tmp/fastcgi \ --http-uwsgi-temp-path=%{_localstatedir}/lib/nginx/tmp/uwsgi \ --http-scgi-temp-path=%{_localstatedir}/lib/nginx/tmp/scgi \ --pid-path=/run/nginx.pid \ --lock-path=/run/lock/subsys/nginx \ --user=%{nginx_user} \ --group=%{nginx_user} \ --with-file-aio \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_stub_status_module \ --with-http_perl_module=dynamic \ --with-http_auth_request_module \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ --with-threads \ --with-stream=dynamic \ --with-stream_ssl_module \ --with-stream_realip_module \ --with-stream_ssl_preread_module \ --with-stream_geoip_module=dynamic \ --with-http_slice_module \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-file-aio \ --with-http_v2_module \ --with-pcre \ --with-pcre-jit \ --with-debug \ --with-compat \ --with-zlib=../zlib-%{zlib_version} \ --with-pcre=../pcre-%{pcre_version} \ --with-openssl=../openssl-%{openssl_version} \ --add-module=../ngx_brotli \ --add-dynamic-module=../nginx-ct-%{nginx_ct_version} \ --add-dynamic-module=../nchan-%{nchan_version} \ --add-dynamic-module=../nginx-rtmp-module-%{rtmp_version} \ --add-dynamic-module=../headers-more-nginx-module-%{headers_more_version} \ --with-cc-opt="-fPIC -pie %{optflags}" \ --with-ld-opt="-Wl,-z,now -lrt -Wl,-E" make %{?_smp_mflags} %install make install DESTDIR=%{buildroot} INSTALLDIRS=vendor find %{buildroot} -type f -name .packlist -exec rm -f '{}' \; find %{buildroot} -type f -name perllocal.pod -exec rm -f '{}' \; find %{buildroot} -type f -empty -exec rm -f '{}' \; find %{buildroot} -type f -iname '*.so' -exec chmod 0755 '{}' \; install -p -D -m 0644 %{SOURCE10} \ %{buildroot}%{_unitdir}/nginx.service install -p -D -m 0644 %{SOURCE11} \ %{buildroot}%{_sysconfdir}/logrotate.d/nginx install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/conf.d install -p -d -m 0755 %{buildroot}%{_sysconfdir}/nginx/default.d install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx install -p -d -m 0700 %{buildroot}%{_localstatedir}/lib/nginx/tmp install -p -d -m 0700 %{buildroot}%{_localstatedir}/log/nginx install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/html install -p -d -m 0755 %{buildroot}%{_datadir}/nginx/modules install -p -d -m 0755 %{buildroot}%{_libdir}/nginx/modules install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/nginx install -p -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/nginx/mime.types install -p -D -m 0644 %{_builddir}/nginx-%{version}/man/nginx.8 \ %{buildroot}%{_mandir}/man8/nginx.8 install -p -D -m 0755 %{SOURCE13} %{buildroot}%{_bindir}/nginx-upgrade install -p -D -m 0644 %{SOURCE14} %{buildroot}%{_mandir}/man8/nginx-upgrade.8 for i in ftdetect indent syntax; do install -p -D -m644 contrib/vim/${i}/nginx.vim \ %{buildroot}%{_datadir}/vim/vimfiles/${i}/nginx.vim done echo 'load_module "%{_libdir}/nginx/modules/ngx_ssl_ct_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-ct.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_ssl_ct_module.so";' \ >> %{buildroot}%{_datadir}/nginx/modules/mod-ct.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_geoip_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-geoip.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_headers_more_filter_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-headers-more-filter.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_image_filter_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-image-filter.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_perl_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-perl.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-http-xslt-filter.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_mail_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-mail.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_nchan_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-nchan.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_rtmp_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-rtmp.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-stream.conf echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_geoip_module.so";' \ > %{buildroot}%{_datadir}/nginx/modules/mod-stream-geoip.conf %pre filesystem getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user} getent passwd %{nginx_user} > /dev/null || \ useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \ -s /sbin/nologin -c "Nginx web server" %{nginx_user} exit 0 %post %systemd_post nginx.service %post mod-ct if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-http-geoip if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-http-headers-more-filter if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-http-image-filter if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-http-perl if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-http-xslt-filter if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-mail if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-nchan if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-rtmp if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-stream if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %post mod-stream-geoip if [ $1 -eq 1 ]; then /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || : fi %preun %systemd_preun nginx.service %postun %systemd_postun nginx.service if [ $1 -ge 1 ]; then /usr/bin/nginx-upgrade >/dev/null 2>&1 || : fi %files %license LICENSE %doc CHANGES README %{_datadir}/nginx/html/* %{_bindir}/nginx-upgrade %{_sbindir}/nginx %{_datadir}/vim/vimfiles/ftdetect/nginx.vim %{_datadir}/vim/vimfiles/syntax/nginx.vim %{_datadir}/vim/vimfiles/indent/nginx.vim %{_mandir}/man8/nginx.8* %{_mandir}/man8/nginx-upgrade.8* %{_unitdir}/nginx.service %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf %config(noreplace) %{_sysconfdir}/nginx/fastcgi.conf.default %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params %config(noreplace) %{_sysconfdir}/nginx/fastcgi_params.default %config(noreplace) %{_sysconfdir}/nginx/koi-utf %config(noreplace) %{_sysconfdir}/nginx/koi-win %config(noreplace) %{_sysconfdir}/nginx/mime.types %config(noreplace) %{_sysconfdir}/nginx/mime.types.default %config(noreplace) %{_sysconfdir}/nginx/nginx.conf %config(noreplace) %{_sysconfdir}/nginx/nginx.conf.default %config(noreplace) %{_sysconfdir}/nginx/scgi_params %config(noreplace) %{_sysconfdir}/nginx/scgi_params.default %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params %config(noreplace) %{_sysconfdir}/nginx/uwsgi_params.default %config(noreplace) %{_sysconfdir}/nginx/win-utf %config(noreplace) %{_sysconfdir}/logrotate.d/nginx %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/lib/nginx/tmp %attr(700,%{nginx_user},%{nginx_user}) %dir %{_localstatedir}/log/nginx %dir %{_libdir}/nginx/modules %files all-modules %files filesystem %dir %{_datadir}/nginx %dir %{_datadir}/nginx/html %dir %{_sysconfdir}/nginx %dir %{_sysconfdir}/nginx/conf.d %dir %{_sysconfdir}/nginx/default.d %files mod-ct %{_datadir}/nginx/modules/mod-ct.conf %{_libdir}/nginx/modules/ngx_ssl_ct_module.so %{_libdir}/nginx/modules/ngx_http_ssl_ct_module.so %files mod-http-geoip %{_datadir}/nginx/modules/mod-http-geoip.conf %{_libdir}/nginx/modules/ngx_http_geoip_module.so %files mod-http-headers-more-filter %{_datadir}/nginx/modules/mod-http-headers-more-filter.conf %{_libdir}/nginx/modules/ngx_http_headers_more_filter_module.so %files mod-http-image-filter %{_datadir}/nginx/modules/mod-http-image-filter.conf %{_libdir}/nginx/modules/ngx_http_image_filter_module.so %files mod-http-perl %{_datadir}/nginx/modules/mod-http-perl.conf %{_libdir}/nginx/modules/ngx_http_perl_module.so %{_mandir}/man3/nginx.3pm* %dir %{perl_vendorarch}/auto/nginx %{perl_vendorarch}/nginx.pm %{perl_vendorarch}/auto/nginx/nginx.so %files mod-http-xslt-filter %{_datadir}/nginx/modules/mod-http-xslt-filter.conf %{_libdir}/nginx/modules/ngx_http_xslt_filter_module.so %files mod-mail %{_datadir}/nginx/modules/mod-mail.conf %{_libdir}/nginx/modules/ngx_mail_module.so %files mod-nchan %{_datadir}/nginx/modules/mod-nchan.conf %{_libdir}/nginx/modules/ngx_nchan_module.so %files mod-rtmp %{_datadir}/nginx/modules/mod-rtmp.conf %{_libdir}/nginx/modules/ngx_rtmp_module.so %files mod-stream %{_datadir}/nginx/modules/mod-stream.conf %{_libdir}/nginx/modules/ngx_stream_module.so %files mod-stream-geoip %{_datadir}/nginx/modules/mod-stream-geoip.conf %{_libdir}/nginx/modules/ngx_stream_geoip_module.so %changelog * Fri Nov 3 2017 Matthias Adler - 1.13.6-1 - Update nginx to 1.13.6 - Update openssl to 1.1.0g * Tue Aug 8 2017 Matthias Adler - 1.13.4-1 - Update nginx to 1.13.4 - Update nginx-rtmp-module to v1.2.0 - Use named packages from github * Mon Jul 17 2017 Matthias Adler - 1.13.3-1 - Update nginx to 1.13.3 (CVE-2017-7529) - Update pcre to 8.41 - Add 'nchan' module - Add documentation URLs to all modules - Add explicit "bundles" information to provides * Wed Jun 28 2017 Matthias Adler - 1.13.2-1 - Initial release with openssl 1.1.0f - Add certificate transparency v1.3.2 dynamic module