267 строки
10 KiB
Plaintext
267 строки
10 KiB
Plaintext
%global nginx_user nginx
|
|
%global njs_version 0.7.12
|
|
%global opentelemetry_cpp_contrib_git_commit 37e4466d882cbddff6f607a20fe327060de76166
|
|
|
|
Summary: High-performance HTTP server and reverse proxy
|
|
Name: nginx
|
|
# Currently on "stable" version of nginx from https://nginx.org/en/download.html.
|
|
# Note: Stable versions are even (1.20), mainline versions are odd (1.21)
|
|
Version: 1.22.1
|
|
Release: 12%{?dist}
|
|
License: BSD-2-Clause
|
|
Vendor: Microsoft Corporation
|
|
Distribution: Mariner
|
|
Group: Applications/System
|
|
URL: https://nginx.org/
|
|
Source0: https://nginx.org/download/%{name}-%{version}.tar.gz
|
|
Source1: nginx.service
|
|
Source2: https://github.com/nginx/njs/archive/refs/tags/%{njs_version}.tar.gz#/%{name}-njs-%{njs_version}.tar.gz
|
|
Source3: https://github.com/open-telemetry/opentelemetry-cpp-contrib/archive/%{opentelemetry_cpp_contrib_git_commit}.tar.gz#/opentelemetry-cpp-contrib-%{opentelemetry_cpp_contrib_git_commit}.tar.gz
|
|
Patch0: CVE-2023-44487.patch
|
|
Patch1: CVE-2024-7347.patch
|
|
BuildRequires: libxml2-devel
|
|
BuildRequires: libxslt-devel
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: pcre-devel
|
|
BuildRequires: pcre2-devel
|
|
BuildRequires: readline-devel
|
|
BuildRequires: which
|
|
BuildRequires: zlib-devel
|
|
Requires: %{name}-filesystem = %{version}-%{release}
|
|
Requires: %{name}-mimetypes
|
|
|
|
%description
|
|
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.
|
|
|
|
%package filesystem
|
|
Summary: The basic directory layout for the Nginx server
|
|
BuildArch: noarch
|
|
Requires(pre): shadow-utils
|
|
|
|
%description filesystem
|
|
The nginx-filesystem package contains the basic directory layout
|
|
for the Nginx server including the correct permissions for the
|
|
directories.
|
|
|
|
%package otel_ngx_module
|
|
License: Apache-2.0
|
|
Summary: OpenTelemetry Nginx Module
|
|
BuildRequires: grpc-devel
|
|
BuildRequires: opentelemetry-cpp-devel
|
|
BuildRequires: protobuf-devel
|
|
Requires: opentelemetry-cpp
|
|
|
|
%description otel_ngx_module
|
|
The OpenTelemetry module for Nginx
|
|
|
|
%prep
|
|
%autosetup -p1
|
|
pushd ../
|
|
mkdir nginx-njs
|
|
tar -C nginx-njs -xf %{SOURCE2}
|
|
mkdir otel-cpp-contrib
|
|
tar -C otel-cpp-contrib -xf %{SOURCE3}
|
|
# The following change is a build break in upstream and a PR has been raised to fix it.
|
|
# PR: https://github.com/open-telemetry/opentelemetry-cpp-contrib/pull/314
|
|
sed -i \
|
|
'/\#include <opentelemetry\/sdk\/trace\/processor.h>$/a \#include <opentelemetry\/sdk\/trace\/batch_span_processor_options.h>' \
|
|
otel-cpp-contrib/opentelemetry-cpp-contrib-%{opentelemetry_cpp_contrib_git_commit}/instrumentation/nginx/src/otel_ngx_module.cpp
|
|
popd
|
|
|
|
%build
|
|
sh configure \
|
|
--add-module=../nginx-njs/njs-%{njs_version}/nginx \
|
|
--add-dynamic-module=../otel-cpp-contrib/opentelemetry-cpp-contrib-%{opentelemetry_cpp_contrib_git_commit}/instrumentation/nginx \
|
|
--conf-path=%{_sysconfdir}/nginx/nginx.conf \
|
|
--error-log-path=%{_var}/log/nginx/error.log \
|
|
--group=%{nginx_user} \
|
|
--http-log-path=%{_var}/log/nginx/access.log \
|
|
--lock-path=%{_var}/run/nginx.lock \
|
|
--pid-path=%{_var}/run/nginx.pid \
|
|
--prefix=%{_sysconfdir}/nginx \
|
|
--sbin-path=%{_sbindir}/nginx \
|
|
--user=%{nginx_user} \
|
|
--with-stream_ssl_module \
|
|
--with-http_auth_request_module \
|
|
--with-http_gunzip_module \
|
|
--with-http_gzip_static_module \
|
|
--with-http_realip_module \
|
|
--with-http_ssl_module \
|
|
--with-http_stub_status_module \
|
|
--with-http_sub_module \
|
|
--with-http_v2_module \
|
|
--with-ipv6 \
|
|
--with-pcre \
|
|
--with-stream \
|
|
--with-compat
|
|
|
|
%make_build
|
|
|
|
%install
|
|
%make_install
|
|
install -vdm755 %{buildroot}%{_libdir}/systemd/system
|
|
install -vdm755 %{buildroot}%{_var}/log
|
|
install -vdm755 %{buildroot}%{_var}/opt/nginx/log
|
|
ln -sfv %{_var}/opt/nginx/log %{buildroot}%{_var}/log/nginx
|
|
install -p -m 0644 %{SOURCE1} %{buildroot}%{_libdir}/systemd/system/nginx.service
|
|
|
|
# Using the ones provided through the "nginx-mimetype" package.
|
|
rm -f %{buildroot}%{_sysconfdir}/%{name}/mime.types
|
|
|
|
%pre filesystem
|
|
getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
|
|
getent passwd %{nginx_user} > /dev/null || \
|
|
useradd -r -d %{_localstatedir}/lib/nginx -g %{nginx_user} \
|
|
-s /sbin/nologin -c "Nginx web server" %{nginx_user}
|
|
exit 0
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%license LICENSE
|
|
%config(noreplace) %{_sysconfdir}/%{name}/fastcgi.conf
|
|
%config(noreplace) %{_sysconfdir}/%{name}/fastcgi.conf.default
|
|
%config(noreplace) %{_sysconfdir}/%{name}/fastcgi_params
|
|
%config(noreplace) %{_sysconfdir}/%{name}/fastcgi_params.default
|
|
%config(noreplace) %{_sysconfdir}/%{name}/koi-utf
|
|
%config(noreplace) %{_sysconfdir}/%{name}/koi-win
|
|
%config(noreplace) %{_sysconfdir}/%{name}/mime.types.default
|
|
%config(noreplace) %{_sysconfdir}/%{name}/nginx.conf
|
|
%config(noreplace) %{_sysconfdir}/%{name}/nginx.conf.default
|
|
%config(noreplace) %{_sysconfdir}/%{name}/scgi_params
|
|
%config(noreplace) %{_sysconfdir}/%{name}/scgi_params.default
|
|
%config(noreplace) %{_sysconfdir}/%{name}/uwsgi_params
|
|
%config(noreplace) %{_sysconfdir}/%{name}/uwsgi_params.default
|
|
%{_sysconfdir}/%{name}/html/*
|
|
%{_sysconfdir}/%{name}/win-utf
|
|
%{_sbindir}/*
|
|
%{_libdir}/systemd/system/nginx.service
|
|
%dir %{_var}/opt/nginx/log
|
|
%{_var}/log/nginx
|
|
|
|
%files filesystem
|
|
%dir %{_sysconfdir}/%{name}
|
|
|
|
%files otel_ngx_module
|
|
%license ../otel-cpp-contrib/opentelemetry-cpp-contrib-%{opentelemetry_cpp_contrib_git_commit}/LICENSE
|
|
%{_sysconfdir}/%{name}/modules/otel_ngx_module.so
|
|
|
|
%changelog
|
|
* Tue Aug 20 2024 Cameron Baird <cameronbaird@microsoft.com> - 1.22.1-12
|
|
- Fix CVE-2024-7347
|
|
|
|
* Thu Oct 05 2023 Dan Streetman <ddstreet@ieee.org> - 1.22.1-11
|
|
- Fix CVE-2023-44487
|
|
|
|
* Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 1.22.1-10
|
|
- Recompile with stack-protection fixed gcc version (CVE-2023-4039)
|
|
|
|
* Thu Aug 17 2023 Muhammad Falak R Wani <mwani@microsoft.com> - 1.22.1-9
|
|
- Add otel_ngx_module subpackage
|
|
|
|
* Thu Aug 10 2023 Muhammad Falak R Wani <mwani@microsoft.com> - 1.22.1-8
|
|
- Configure with `--with-stream_ssl_module` to enable support for stream proxy server with SSL/TLS
|
|
|
|
* Mon Jul 31 2023 Muhammad Falak R Wani <mwani@microsoft.com> - 1.22.1-7
|
|
- Configure with `--with-compat` to enable dynamic modules compatibility
|
|
|
|
* Wed Jul 12 2023 Pete Birley <petebirley@microsoft.com> - 1.22.1-6
|
|
- Enable building with http_gunzip_module
|
|
|
|
* Mon Apr 17 2023 Olivia Crain <oliviacrain@microsoft.com> - 1.22.1-5
|
|
- Upgrade bundled njs version to 0.7.12 to fix CVE-2020-19692, CVE-2020-19695
|
|
- Use SPDX expression in license tag
|
|
|
|
* Tue Apr 04 2023 Mandeep Plaha <mandeepplaha@microsoft.com> - 1.22.1-4
|
|
- Enable building with ngx_http_gzip_static_module
|
|
|
|
* Mon Mar 27 2023 Mandeep Plaha <mandeepplaha@microsoft.com> - 1.22.1-3
|
|
- Enable building with ngx_http_realip_module
|
|
|
|
* Wed Nov 30 2022 Jon Slobodzian <joslobo@microsoft.com> - 1.22.1-2
|
|
- Enable http2 support
|
|
|
|
* Fri Oct 28 2022 Cameron Baird <cameronbaird@microsoft.com> - 1.22.1-1
|
|
- Move to stable release
|
|
|
|
* Tue Oct 25 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.23.2-1
|
|
- Upgrade to 1.23.2 (fixes CVE-2022-41741 and CVE-2022-41742)
|
|
|
|
* Tue Apr 19 2022 Max Brodeur-Urbas <maxbr@microsoft.com> - 1.20.2-2
|
|
- Addressing CVE-2021-3618.
|
|
|
|
* Wed Feb 23 2022 Max Brodeur-Urbas <maxbr@microsoft.com> - 1.20.2-1
|
|
- Upgrading to latest version 1.20.2 from "stable" branch.
|
|
|
|
* Wed Oct 13 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.20.1-2
|
|
- Split out "nginx-filesystem" using Fedora 34 spec (license: MIT) as guidance.
|
|
- Removing conflicts with "nginx-mimetypes" over "mime.types".
|
|
- Fixed changelog history to include version update.
|
|
|
|
* Fri Jun 11 2021 Henry Beberman <henry.beberman@microsoft.com> - 1.20.1-1
|
|
- Update to version 1.20.1 to resolve CVE-2021-23017
|
|
|
|
* Fri Apr 02 2021 Thomas Crain <thcrain@microsoft.com> - 1.16.1-4
|
|
- Merge the following releases from 1.0 to dev branch
|
|
- lihl@microsoft.com, 1.16.1-3: Used autosetup, Added patch to resolve CVE-2019-20372
|
|
- nicolasg@microsoft.com, 1.16.1-4: nopatch for CVE-2009-4487
|
|
|
|
* Wed Feb 10 2021 Henry Li <lihl@microsoft.com> - 1.16.1-3
|
|
- Add Provides for nginx-filesystem from nginx
|
|
|
|
* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.16.1-2
|
|
- Added %%license line automatically
|
|
|
|
* Fri Mar 13 2020 Paul Monson <paulmon@microsoft.com> - 1.16.1-1
|
|
- Update to version 1.16.1. License verified.
|
|
|
|
* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 1.15.3-5
|
|
- Initial CBL-Mariner import from Photon (license: Apache2).
|
|
|
|
* Fri Mar 15 2019 Keerthana K <keerthanak@vmware.com> - 1.15.3-4
|
|
- Enable http_stub_status_module.
|
|
|
|
* Wed Nov 07 2018 Ajay Kaher <akaher@vmware.com> - 1.15.3-3
|
|
- mark config files as non replaceable on upgrade.
|
|
|
|
* Mon Sep 17 2018 Keerthana K <keerthanak@vmware.com> - 1.15.3-2
|
|
- Adding http_auth_request_module and http_sub_module.
|
|
|
|
* Fri Sep 7 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> - 1.15.3-1
|
|
- Upgrade to version 1.15.3
|
|
|
|
* Fri Jul 20 2018 Keerthana K <keerthanak@vmware.com> - 1.13.8-3
|
|
- Restarting nginx on failure.
|
|
|
|
* Fri Jun 08 2018 Dheeraj Shetty <dheerajs@vmware.com> - 1.13.8-2
|
|
- adding module njs.
|
|
|
|
* Fri May 18 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> - 1.13.8-1
|
|
- Update to version 1.13.8 to support nginx-ingress
|
|
|
|
* Thu Dec 28 2017 Divya Thaluru <dthaluru@vmware.com> - 1.13.5-2
|
|
- Fixed the log file directory structure
|
|
|
|
* Wed Oct 04 2017 Xiaolin Li <xiaolinl@vmware.com> - 1.13.5-1
|
|
- Update to version 1.13.5
|
|
|
|
* Mon May 01 2017 Dheeraj Shetty <dheerajs@vmware.com> - 1.11.13-2
|
|
- adding module stream to nginx.
|
|
|
|
* Wed Apr 05 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 1.11.13-1
|
|
- update to 1.11.13
|
|
|
|
* Fri Nov 18 2016 Anish Swaminathan <anishs@vmware.com> - 1.10.0-5
|
|
- Add patch for CVE-2016-4450
|
|
|
|
* Wed Jul 27 2016 Divya Thaluru <dthaluru@vmware.com> - 1.10.0-4
|
|
- Removed packaging of debug files
|
|
|
|
* Fri Jul 8 2016 Divya Thaluru <dthaluru@vmware.com> - 1.10.0-3
|
|
- Modified default pid filepath and fixed nginx systemd service
|
|
|
|
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 1.10.0-2
|
|
- GA - Bump release of all rpms
|
|
|
|
* Mon May 16 2016 Xiaolin Li <xiaolinl@vmware.com> - 1.10.0-1
|
|
- Initial build. First version
|