From 8b5c2901c011d2195cfcdbc07ca4275b20c0dcd3 Mon Sep 17 00:00:00 2001 From: Ansuel Smith Date: Fri, 31 Jan 2020 23:06:46 +0100 Subject: [PATCH 1/2] nginx: backport master changes to 19.07 Currently luci is broken in 19.07. Changes done to fix this problem didn't merge in the 19.07 release. Signed-off-by: Ansuel Smith --- net/nginx/Config.in | 7 ++ net/nginx/Config_ssl.in | 7 ++ net/nginx/Makefile | 90 ++++++++++++------- .../files-luci-support/60_nginx-luci-support | 13 +++ net/nginx/files-luci-support/luci_nginx.conf | 9 +- .../files-luci-support/luci_nginx_ssl.conf | 11 +-- net/nginx/files-luci-support/luci_uwsgi.conf | 26 +++--- .../100-drop-libxslt-dep.patch | 14 +++ .../patches/201-ignore-invalid-options.patch | 2 +- 9 files changed, 122 insertions(+), 57 deletions(-) create mode 100644 net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch diff --git a/net/nginx/Config.in b/net/nginx/Config.in index 55c24ea7a..ccb5e240f 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -22,6 +22,13 @@ config NGINX_DAV Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. default n +config NGINX_UBUS + bool + prompt "Enable UBUS module" + help + Enable UBUS api support directly from the server. + default y + config NGINX_FLV bool prompt "Enable FLV module" diff --git a/net/nginx/Config_ssl.in b/net/nginx/Config_ssl.in index f889cc3ec..050d71fe3 100644 --- a/net/nginx/Config_ssl.in +++ b/net/nginx/Config_ssl.in @@ -15,6 +15,13 @@ config NGINX_DAV Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. default n +config NGINX_UBUS + bool + prompt "Enable UBUS module" + help + Enable UBUS api support directly from the server. + default y + config NGINX_FLV bool prompt "Enable FLV module" diff --git a/net/nginx/Makefile b/net/nginx/Makefile index 80a2eadb0..ff9624cbe 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,20 +8,18 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.16.1 -PKG_RELEASE:=1 +PKG_VERSION:=1.17.7 +PKG_RELEASE:=2 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://nginx.org/download/ -PKG_HASH:=f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b +PKG_HASH:=b62756842807e5693b794e5d0ae289bd8ae5b098e66538b2a91eb80f25c591ff PKG_MAINTAINER:=Thomas Heil \ Ansuel Smith PKG_LICENSE:=2-clause BSD-like license PKG_CPE_ID:=cpe:/a:nginx:nginx -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) - PKG_FIXUP:=autoreconf PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -30,6 +28,7 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_SSL \ CONFIG_NGINX_DAV \ CONFIG_NGINX_FLV \ + CONFIG_NGINX_UBUS \ CONFIG_NGINX_STUB_STATUS \ CONFIG_NGINX_HTTP_CHARSET \ CONFIG_NGINX_HTTP_GZIP \ @@ -84,7 +83,8 @@ define Package/nginx/default TITLE:=Nginx web server URL:=http://nginx.org/ DEPENDS:=+NGINX_PCRE:libpcre +NGINX_SSL:libopenssl \ - +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libexpat + +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_DAV:libxml2 \ + +NGINX_UBUS:libubus +NGINX_UBUS:libblobmsg-json +NGINX_UBUS:libjson-c endef define Package/nginx/description @@ -113,7 +113,8 @@ Package/nginx-ssl/description = $(Package/nginx/description) \ define Package/nginx-all-module $(Package/nginx/default) TITLE += with ALL module selected - DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libexpat + DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libxml2 \ + +libubus +libblobmsg-json +libjson-c VARIANT:=all-module PROVIDES:=nginx endef @@ -196,6 +197,8 @@ ifneq ($(BUILD_VARIANT),all-module) endif ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y) ADDITIONAL_MODULES += --without-http_uwsgi_module + else + config_files += uwsgi_params endif ifneq ($(CONFIG_NGINX_HTTP_SCGI),y) ADDITIONAL_MODULES += --without-http_scgi_module @@ -255,6 +258,9 @@ ifneq ($(BUILD_VARIANT),all-module) ifeq ($(CONFIG_NGINX_DAV),y) ADDITIONAL_MODULES += --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module endif + ifeq ($(CONFIG_NGINX_UBUS),y) + ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-ubus-module + endif ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y) ADDITIONAL_MODULES += --with-http_auth_request_module endif @@ -299,6 +305,7 @@ else CONFIG_NGINX_NAXSI:=y CONFIG_NGINX_LUA:=y CONFIG_NGINX_DAV:=y + CONFIG_NGINX_UBUS:=y ADDITIONAL_MODULES += --with-http_ssl_module --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src \ --add-module=$(PKG_BUILD_DIR)/lua-nginx --with-ipv6 --with-http_stub_status_module --with-http_flv_module \ --with-http_dav_module --add-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module \ @@ -306,7 +313,7 @@ else --with-http_secure_link_module --with-http_sub_module --add-module=$(PKG_BUILD_DIR)/nginx-headers-more \ --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \ --add-module=$(PKG_BUILD_DIR)/nginx-brotli --add-module=$(PKG_BUILD_DIR)/nginx-rtmp \ - --add-module=$(PKG_BUILD_DIR)/nginx-ts + --add-module=$(PKG_BUILD_DIR)/nginx-ts --add-module=$(PKG_BUILD_DIR)/nginx-ubus-module config_files += koi-utf koi-win win-utf fastcgi_params endif @@ -317,7 +324,7 @@ define Package/nginx-mod-luci/default SUBMENU:=Web Servers/Proxies TITLE:=Support file for Nginx URL:=http://nginx.org/ - DEPENDS:=+uwsgi-cgi +uwsgi-cgi-luci-support + DEPENDS:=+uwsgi +uwsgi-luci-support endef define Package/nginx-mod-luci @@ -407,6 +414,7 @@ define Build/Prepare $(Prepare/nginx-rtmp) $(Prepare/nginx-ts) $(Prepare/nginx-dav-ext-module) + $(Prepare/nginx-ubus-module) endef @@ -414,34 +422,34 @@ ifeq ($(CONFIG_NGINX_HEADERS_MORE),y) define Download/nginx-headers-more VERSION:=a9f7c7e86cc7441d04e2f11f01c2e3a9c4b0301d SUBDIR:=nginx-headers-more - FILE:=headers-more-nginx-module-$$(VERSION).tar.gz + FILE:=headers-more-nginx-module-$$(VERSION).tar.xz URL:=https://github.com/openresty/headers-more-nginx-module.git - MIRROR_HASH:=432609015719aaa7241e5166c7cda427acbe004f725887f78ef629d51bd9cb3f + MIRROR_HASH:=ce0b9996ecb2cff790831644d6ab1adc087aa2771d77d3931c06246d11bc59fd PROTO:=git endef $(eval $(call Download,nginx-headers-more)) define Prepare/nginx-headers-more $(eval $(Download/nginx-headers-more)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif ifeq ($(CONFIG_NGINX_HTTP_BROTLI),y) define Download/nginx-brotli - VERSION:=e26248ee361c04e25f581b92b85d95681bdffb39 + VERSION:=dc37f658ccb5a51d090dc09d1a2aca2f24309869 SUBDIR:=nginx-brotli - FILE:=ngx-brotli-module-$$(VERSION).tar.gz + FILE:=ngx-brotli-module-$$(VERSION).tar.xz URL:=https://github.com/eustas/ngx_brotli.git - MIRROR_HASH:=76b891ba49f82f0cfbc9cba875646e26ee986b522373e0aa2698a9923a4adcdb + MIRROR_HASH:=6bc0c40ff24f6e0ac616dfddc803bdc7fcf54764ba9dc4f9cecb3a68beedcdaf PROTO:=git endef $(eval $(call Download,nginx-brotli)) define Prepare/nginx-brotli $(eval $(Download/nginx-brotli)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -450,16 +458,16 @@ ifeq ($(CONFIG_NGINX_RTMP_MODULE),y) define Download/nginx-rtmp VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf SUBDIR:=nginx-rtmp - FILE:=ngx-rtmp-module-$$(VERSION).tar.gz + FILE:=ngx-rtmp-module-$$(VERSION).tar.xz URL:=https://github.com/ut0mt8/nginx-rtmp-module.git - MIRROR_HASH:=9ba7625718d21f658c4878729271832a07bd989165f1d1c720b3a9b54cf738cc + MIRROR_HASH:=d3f58066f0f858ed79f7f2b0c9b89de2ccc512c94ab3d0625f6dcff3df0b72c1 PROTO:=git endef $(eval $(call Download,nginx-rtmp)) define Prepare/nginx-rtmp $(eval $(Download/nginx-rtmp)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -468,16 +476,16 @@ ifeq ($(CONFIG_NGINX_TS_MODULE),y) define Download/nginx-ts VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd SUBDIR:=nginx-ts - FILE:=ngx-ts-module-$$(VERSION).tar.gz + FILE:=ngx-ts-module-$$(VERSION).tar.xz URL:=https://github.com/arut/nginx-ts-module.git - MIRROR_HASH:=31ecc9968b928886b54884138eafe2fa747648bca5094d4c3132e8ae9509d1d3 + MIRROR_HASH:=73938950bb286d40d9e54b0994d1a63827340c1156c72eb04d7041b25b20ec18 PROTO:=git endef $(eval $(call Download,nginx-ts)) define Prepare/nginx-ts $(eval $(Download/nginx-ts)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -486,16 +494,16 @@ ifeq ($(CONFIG_NGINX_NAXSI),y) define Download/nginx-naxsi VERSION:=951123ad456bdf5ac94e8d8819342fe3d49bc002 SUBDIR:=nginx-naxsi - FILE:=nginx-naxsi-module-$$(VERSION).tar.gz + FILE:=nginx-naxsi-module-$$(VERSION).tar.xz URL:=https://github.com/nbs-system/naxsi.git - MIRROR_HASH:=7ab791f2ff38096f48013141bbfe20ba213d5e04dcac08ca82e0cac07d5c30f0 + MIRROR_HASH:=c734cae19a596affadd62a2df1b58d3df8d1364093a4e80a7cd1ab4555963535 PROTO:=git endef $(eval $(call Download,nginx-naxsi)) define Prepare/nginx-naxsi $(eval $(Download/nginx-naxsi)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif @@ -504,16 +512,16 @@ ifeq ($(CONFIG_NGINX_LUA),y) define Download/lua-nginx VERSION:=e94f2e5d64daa45ff396e262d8dab8e56f5f10e0 SUBDIR:=lua-nginx - FILE:=lua-nginx-module-$$(VERSION).tar.gz + FILE:=lua-nginx-module-$$(VERSION).tar.xz URL:=https://github.com/openresty/lua-nginx-module.git - MIRROR_HASH:=ae439f9a8b3c34d7240735b844db72ee721af4791bbaff5692bca20e6785f541 + MIRROR_HASH:=27729921964f066d97e99c263da153b34622a2f4b811114e4c3ee61c6fc71395 PROTO:=git endef $(eval $(call Download,lua-nginx)) define Prepare/lua-nginx $(eval $(Download/lua-nginx)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) endef endif @@ -521,18 +529,36 @@ endif ifeq ($(CONFIG_NGINX_DAV),y) define Download/nginx-dav-ext-module - VERSION:=430fd774fe838a04f1a5defbf1dd571d42300cf9 + VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af SUBDIR:=nginx-dav-ext-module - FILE:=nginx-dav-ext-module-$$(VERSION).tar.gz + FILE:=nginx-dav-ext-module-$$(VERSION).tar.xz URL:=https://github.com/arut/nginx-dav-ext-module.git - MIRROR_HASH:=0566053a8756423ecab455fd9d218cec1e017598fcbb3d6415a06f816851611e + MIRROR_HASH:=70bb4c3907f4b783605500ba494e907aede11f8505702e370012abb3c177dc5b PROTO:=git endef $(eval $(call Download,nginx-dav-ext-module)) define Prepare/nginx-dav-ext-module $(eval $(Download/nginx-dav-ext-module)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) + $(call PatchDir,$(PKG_BUILD_DIR),./patches-dav-nginx) + endef +endif + +ifeq ($(CONFIG_NGINX_UBUS),y) + define Download/nginx-ubus-module + VERSION:=f30b0167a2cdb40f23bd90928d601bdb0c1b8fad + SUBDIR:=nginx-ubus-module + FILE:=nginx-ubus-module-$$(VERSION).tar.xz + URL:=https://github.com/Ansuel/nginx-ubus-module.git + MIRROR_HASH:=02c7d4b0df7f4b69605e71b0fefdc99b5a9470c68cad7ccfb31ebefe4e7e0704 + PROTO:=git + endef + $(eval $(call Download,nginx-ubus-module)) + + define Prepare/nginx-ubus-module + $(eval $(Download/nginx-ubus-module)) + xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) endef endif diff --git a/net/nginx/files-luci-support/60_nginx-luci-support b/net/nginx/files-luci-support/60_nginx-luci-support index dd076d260..b682a832e 100644 --- a/net/nginx/files-luci-support/60_nginx-luci-support +++ b/net/nginx/files-luci-support/60_nginx-luci-support @@ -25,4 +25,17 @@ if [ -f "/etc/nginx/luci_nginx.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then fi fi +if nginx -V 2>&1 | grep -q ubus; then + if [ -z "$(cat /etc/nginx/luci_uwsgi.conf | grep ubus)" ]; then + cat <> /etc/nginx/luci_uwsgi.conf + +location /ubus { + ubus_interpreter; + ubus_socket_path /var/run/ubus.sock; + ubus_parallel_req 2; +} +EOT + fi +fi + exit 0 diff --git a/net/nginx/files-luci-support/luci_nginx.conf b/net/nginx/files-luci-support/luci_nginx.conf index 31af664a2..75f0f78a6 100644 --- a/net/nginx/files-luci-support/luci_nginx.conf +++ b/net/nginx/files-luci-support/luci_nginx.conf @@ -1,5 +1,5 @@ -user nobody nogroup; +user root; worker_processes 1; #error_log logs/error.log; @@ -20,7 +20,7 @@ http { sendfile on; keepalive_timeout 0; - + client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 1G; @@ -31,14 +31,15 @@ http { gzip_vary on; gzip_comp_level 1; gzip_proxied any; - + gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; + root /www; server { listen 80 default_server; listen [::]:80 default_server; server_name localhost; - + location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { expires 365d; } diff --git a/net/nginx/files-luci-support/luci_nginx_ssl.conf b/net/nginx/files-luci-support/luci_nginx_ssl.conf index 318453b54..db33e554c 100644 --- a/net/nginx/files-luci-support/luci_nginx_ssl.conf +++ b/net/nginx/files-luci-support/luci_nginx_ssl.conf @@ -20,7 +20,7 @@ http { sendfile on; keepalive_timeout 0; - + client_body_buffer_size 10K; client_header_buffer_size 1k; client_max_body_size 1G; @@ -31,9 +31,10 @@ http { gzip_vary on; gzip_comp_level 1; gzip_proxied any; - + gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml; + root /www; - + server { listen 80 default_server; listen [::]:80 default_server; @@ -45,7 +46,7 @@ http { listen 443 ssl default_server; listen [::]:443 ssl default_server; server_name localhost; - + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:DHE+AESGCM:DHE:!RSA!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!CAMELLIA:!SEED"; @@ -53,7 +54,7 @@ http { ssl_certificate /etc/nginx/nginx.cer; ssl_certificate_key /etc/nginx/nginx.key; - + location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { expires 365d; } diff --git a/net/nginx/files-luci-support/luci_uwsgi.conf b/net/nginx/files-luci-support/luci_uwsgi.conf index 6211db74a..3ea3de914 100644 --- a/net/nginx/files-luci-support/luci_uwsgi.conf +++ b/net/nginx/files-luci-support/luci_uwsgi.conf @@ -1,19 +1,15 @@ location /cgi-bin/luci { - index index.html; - uwsgi_param QUERY_STRING $query_string; - uwsgi_param REQUEST_METHOD $request_method; - uwsgi_param CONTENT_TYPE $content_type; - uwsgi_param CONTENT_LENGTH $content_length if_not_empty; - uwsgi_param REQUEST_URI $request_uri; - uwsgi_param PATH_INFO $document_uri; - uwsgi_param SERVER_PROTOCOL $server_protocol; - uwsgi_param REMOTE_ADDR $remote_addr; - uwsgi_param REMOTE_PORT $remote_port; - uwsgi_param SERVER_ADDR $server_addr; - uwsgi_param SERVER_PORT $server_port; - uwsgi_param SERVER_NAME $server_name; - uwsgi_modifier1 9; - uwsgi_pass unix:////var/run/uwsgi.sock; + index index.html; + include uwsgi_params; + uwsgi_param SERVER_ADDR $server_addr; + uwsgi_modifier1 9; + uwsgi_pass unix:////var/run/luci-webui.socket; +} +location ~ /cgi-bin/cgi-(backup|download|upload|exec) { + include uwsgi_params; + uwsgi_param SERVER_ADDR $server_addr; + uwsgi_modifier1 9; + uwsgi_pass unix:////var/run/luci-cgi_io.socket; } location /luci-static { diff --git a/net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch b/net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch new file mode 100644 index 000000000..c5941f422 --- /dev/null +++ b/net/nginx/patches-dav-nginx/100-drop-libxslt-dep.patch @@ -0,0 +1,14 @@ +--- a/nginx-dav-ext-module/config 2018-12-17 08:45:12.000000000 +0000 ++++ b/nginx-dav-ext-module/config 2019-10-11 13:49:41.446919258 +0000 +@@ -8,9 +8,8 @@ ngx_module_name=ngx_http_dav_ext_module + # building nginx with the xslt module, in which case libxslt will + # be linked anyway. In other cases libxslt is just redundant. + # If that's a big deal, libxml2 can be linked directly: +-# ngx_module_libs=-lxml2 ++ngx_module_libs=-lxml2 ++ngx_module_incs=$(pkg-config --cflags-only-I libxml-2.0 | sed 's/^-I//') + +-ngx_module_libs=LIBXSLT +- + ngx_module_srcs="$ngx_addon_dir/ngx_http_dav_ext_module.c" + diff --git a/net/nginx/patches/201-ignore-invalid-options.patch b/net/nginx/patches/201-ignore-invalid-options.patch index 28be2fb71..88b521353 100644 --- a/net/nginx/patches/201-ignore-invalid-options.patch +++ b/net/nginx/patches/201-ignore-invalid-options.patch @@ -1,6 +1,6 @@ --- a/auto/options +++ b/auto/options -@@ -397,8 +397,7 @@ $0: warning: the \"--with-sha1-asm\" opt +@@ -396,8 +396,7 @@ $0: warning: the \"--with-sha1-asm\" opt --test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;; *) From 2c4e6a5390951b0ebfeb782680b0305fcf00b9e1 Mon Sep 17 00:00:00 2001 From: Ansuel Smith Date: Fri, 31 Jan 2020 23:07:54 +0100 Subject: [PATCH 2/2] uwsgi: backport master changes to 19.07 To support new luci version uwsgi has been changed. Backport this changes to 19.07 Signed-off-by: Ansuel Smith --- net/uwsgi-cgi/Makefile | 63 ------- net/uwsgi-cgi/files-luci-support/uwsgi.conf | 27 --- net/uwsgi-cgi/files-luci-support/uwsgi.init | 13 -- .../patches/001-remove-unused-deps.patch | 17 -- net/uwsgi/Makefile | 168 ++++++++++++++++++ net/uwsgi/files-luci-support/luci-cgi_io.ini | 31 ++++ net/uwsgi/files-luci-support/luci-webui.ini | 35 ++++ net/uwsgi/files/emperor.ini | 9 + net/uwsgi/files/uwsgi.init | 14 ++ .../patches/001-dont-hardcode-zlib.patch} | 0 ...ont-override-toolchain-optimization.patch} | 0 ...3-hard-code-Linux-as-compilation-os.patch} | 2 +- .../patches/010-uclibc-ng.patch | 0 .../020-uwsgiconfig-system-python3.patch | 0 ...-plugins-cgi_adds_dontresolve_option.patch | 65 +++++++ net/uwsgi/src/buildconf/openwrt.ini | 30 ++++ 16 files changed, 353 insertions(+), 121 deletions(-) delete mode 100644 net/uwsgi-cgi/Makefile delete mode 100644 net/uwsgi-cgi/files-luci-support/uwsgi.conf delete mode 100644 net/uwsgi-cgi/files-luci-support/uwsgi.init delete mode 100644 net/uwsgi-cgi/patches/001-remove-unused-deps.patch create mode 100644 net/uwsgi/Makefile create mode 100644 net/uwsgi/files-luci-support/luci-cgi_io.ini create mode 100644 net/uwsgi/files-luci-support/luci-webui.ini create mode 100644 net/uwsgi/files/emperor.ini create mode 100644 net/uwsgi/files/uwsgi.init rename net/{uwsgi-cgi/patches/002-dont-hardcode-zlib.patch => uwsgi/patches/001-dont-hardcode-zlib.patch} (100%) rename net/{uwsgi-cgi/patches/003-dont-override-toolchain-optimization.patch => uwsgi/patches/002-dont-override-toolchain-optimization.patch} (100%) rename net/{uwsgi-cgi/patches/004-hard-code-Linux-as-compilation-os.patch => uwsgi/patches/003-hard-code-Linux-as-compilation-os.patch} (85%) rename net/{uwsgi-cgi => uwsgi}/patches/010-uclibc-ng.patch (100%) rename net/{uwsgi-cgi => uwsgi}/patches/020-uwsgiconfig-system-python3.patch (100%) create mode 100644 net/uwsgi/patches/030-plugins-cgi_adds_dontresolve_option.patch create mode 100644 net/uwsgi/src/buildconf/openwrt.ini diff --git a/net/uwsgi-cgi/Makefile b/net/uwsgi-cgi/Makefile deleted file mode 100644 index 933ce885e..000000000 --- a/net/uwsgi-cgi/Makefile +++ /dev/null @@ -1,63 +0,0 @@ -include $(TOPDIR)/rules.mk - -PKG_NAME:=uwsgi-cgi -PKG_VERSION:=2.0.18 -PKG_RELEASE:=2 - -PKG_SOURCE_URL= \ - https://projects.unbit.it/downloads \ - https://codeload.github.com/unbit/uwsgi/tar.gz/$(PKG_VERSION)? -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=4972ac538800fb2d421027f49b4a1869b66048839507ccf0aa2fda792d99f583 -PKG_BUILD_DIR:=$(BUILD_DIR)/uwsgi-$(PKG_VERSION) - -PKG_LICENSE:=GPL-2.0-or-later -PKG_LICENSE_FILES:=LICENSE -PKG_MAINTAINER:=Ansuel Smith - -PKG_BUILD_DEPENDS:=python3/host - -include $(INCLUDE_DIR)/package.mk - -define Package/uwsgi-cgi - SECTION:=net - CATEGORY:=Network - SUBMENU:=Web Servers/Proxies - TITLE:=The uWSGI server - URL:=https://projects.unbit.it/uwsgi - DEPENDS:=+libcap +jansson +libuuid -endef - -define Package/uwsgi-cgi-luci-support - SECTION:=net - CATEGORY:=Network - SUBMENU:=Web Servers/Proxies - TITLE:=Support files for LuCI on Nginx - DEPENDS:=+uwsgi-cgi -endef - -define Package/uwsgi-cgi/description - The uWSGI project build with cgi profile -endef - -MAKE_VARS+=\ - CPP=$(TARGET_CROSS)cpp \ - PYTHON=$(STAGING_DIR_HOSTPKG)/bin/python3 - -define Build/Compile - $(call Build/Compile/Default,PROFILE=cgi) -endef - -define Package/uwsgi-cgi/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/uwsgi $(1)/usr/sbin/ -endef - -define Package/uwsgi-cgi-luci-support/install - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files-luci-support/uwsgi.init $(1)/etc/init.d/uwsgi - $(INSTALL_BIN) ./files-luci-support/uwsgi.conf $(1)/etc/uwsgi.conf -endef - -$(eval $(call BuildPackage,uwsgi-cgi)) -$(eval $(call BuildPackage,uwsgi-cgi-luci-support)) diff --git a/net/uwsgi-cgi/files-luci-support/uwsgi.conf b/net/uwsgi-cgi/files-luci-support/uwsgi.conf deleted file mode 100644 index cf48a42bb..000000000 --- a/net/uwsgi-cgi/files-luci-support/uwsgi.conf +++ /dev/null @@ -1,27 +0,0 @@ -[uwsgi] -strict = true -socket = /var/run/uwsgi.sock -cgi-mode = true -cgi = /www/ -chdir = /usr/lib/lua/luci/ -master = true -buffer-size = 10000 -reload-mercy = 8 -max-requests = 2000 -limit-as = 200 -reload-on-as = 256 -reload-on-rss = 192 -no-orphans = true -vacuum = true -enable-threads = true -post-buffering = 8192 -socket-timeout = 120 -thunder-lock = true -logger = syslog:uwsgi -disable-logging = true -log-format = %(addr) %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs -pidfile = /var/run/uwsgi.pid -die-on-term = true -threads = 3 -processes = 3 -chmod-socket = 666 diff --git a/net/uwsgi-cgi/files-luci-support/uwsgi.init b/net/uwsgi-cgi/files-luci-support/uwsgi.init deleted file mode 100644 index af2a307e9..000000000 --- a/net/uwsgi-cgi/files-luci-support/uwsgi.init +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh /etc/rc.common - -START=79 -USE_PROCD=1 - -start_service() { - procd_open_instance - procd_set_param command /usr/sbin/uwsgi --ini /etc/uwsgi.conf - procd_set_param file /etc/uwsgi.conf - procd_set_param respawn - procd_close_instance - } - diff --git a/net/uwsgi-cgi/patches/001-remove-unused-deps.patch b/net/uwsgi-cgi/patches/001-remove-unused-deps.patch deleted file mode 100644 index 2b058c302..000000000 --- a/net/uwsgi-cgi/patches/001-remove-unused-deps.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/buildconf/base.ini -+++ b/buildconf/base.ini -@@ -1,9 +1,9 @@ - [uwsgi] --xml = auto --yaml = true --json = auto --ssl = auto --pcre = auto -+xml = false -+yaml = embedded -+json = jansson -+ssl = false -+pcre = false - routing = auto - debug = false - unbit = false diff --git a/net/uwsgi/Makefile b/net/uwsgi/Makefile new file mode 100644 index 000000000..f34ba6a62 --- /dev/null +++ b/net/uwsgi/Makefile @@ -0,0 +1,168 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=uwsgi +PKG_VERSION:=2.0.18 +PKG_RELEASE:=1 + +PKG_SOURCE:=uwsgi-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL=https://files.pythonhosted.org/packages/source/u/uwsgi/ +PKG_HASH:=4972ac538800fb2d421027f49b4a1869b66048839507ccf0aa2fda792d99f583 +PKG_BUILD_DIR:=$(BUILD_DIR)/uwsgi-$(PKG_VERSION) +PKG_BUILD_DEPENDS:=python3/host + +PKG_LICENSE:=GPL-2.0-or-later +PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Ansuel Smith + +include $(INCLUDE_DIR)/package.mk +include ../../lang/python/python3-package.mk +#for LINUX_UNAME_VERSION: +include $(INCLUDE_DIR)/kernel.mk + +define Package/uwsgi + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=The uWSGI server + URL:=https://uwsgi-docs.readthedocs.io/en/latest/ + DEPENDS:=+libpcre +libcap +libuuid + MENU:=1 +endef + +define Package/uwsgi-logfile-plugin + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=The Logfile plugin for the uWSGI server + DEPENDS:=uwsgi + MDEPENDS:=uwsgi +endef + +define Package/uwsgi-syslog-plugin + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=The Syslog plugin for the uWSGI server + DEPENDS:=uwsgi + MDEPENDS:=uwsgi +endef + +define Package/uwsgi-cgi-plugin + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=The CGI plugin for the uWSGI server + DEPENDS:=uwsgi + MDEPENDS:=uwsgi +endef + +define Package/uwsgi-python3-plugin + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=The Python3 plugin for the uWSGI server + DEPENDS:=uwsgi +python3-light + MDEPENDS:=uwsgi +endef + +define Package/uwsgi-luci-support + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=Support files for LuCI on Nginx + DEPENDS:=uwsgi +uwsgi-syslog-plugin +uwsgi-cgi-plugin + MDEPENDS:=uwsgi +endef + +define Package/uwsgi/description + The uWSGI project (to be used together with nginx or nginx-ssl). +endef + +define Package/uwsgi-logfile-plugin/description + The Logfile plugin for the uWSGI project. +endef + +define Package/uwsgi-syslog-plugin/description + The Syslog plugin for the uWSGI project. +endef + +define Package/uwsgi-cgi-plugin/description + The CGI plugin for the uWSGI project. +endef + +define Package/uwsgi-python3-plugin/description + The Python3 plugin for the uWSGI project. +endef + +define Package/uwsgi-luci-support/description + Support files for LuCI on Nginx +endef + +MAKE_VARS+=\ + CPP=$(TARGET_CROSS)cpp \ + PYTHON=$(STAGING_DIR_HOSTPKG)/bin/python3 \ + LINUX_UNAME_VERSION=$(LINUX_UNAME_VERSION) + +define Build/Compile + $(call Build/Compile/Default,PROFILE=openwrt) + $(call Build/Compile/Default,plugin.logfile PROFILE=openwrt) + $(call Build/Compile/Default,plugin.syslog PROFILE=openwrt) + $(call Build/Compile/Default,plugin.cgi PROFILE=openwrt) + $(call Build/Compile/HostPy3RunTarget, \ + cd $(PKG_BUILD_DIR), \ + uwsgiconfig.py --plugin plugins/python openwrt, \ + CPP="$(TARGET_CROSS)cpp" \ + LINUX_UNAME_VERSION=$(LINUX_UNAME_VERSION) \ + CFLAGS="$(TARGET_CPPFLAGS) -I$(PYTHON3_INC_DIR) $(TARGET_CFLAGS)" \ + ) +endef + +define Package/uwsgi/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/uwsgi $(1)/usr/sbin/ + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/uwsgi.init $(1)/etc/init.d/uwsgi + + $(INSTALL_DIR) $(1)/etc/uwsgi + $(INSTALL_CONF) ./files/emperor.ini $(1)/etc/uwsgi/emperor.ini + + $(INSTALL_DIR) $(1)/etc/uwsgi/vassals +endef + +define Package/uwsgi/conffiles +/etc/uwsgi/emperor.ini +endef + +define Package/uwsgi-logfile-plugin/install + $(INSTALL_DIR) $(1)/usr/lib/uwsgi + $(CP) $(PKG_BUILD_DIR)/logfile_plugin.so $(1)/usr/lib/uwsgi/ +endef + +define Package/uwsgi-syslog-plugin/install + $(INSTALL_DIR) $(1)/usr/lib/uwsgi + $(CP) $(PKG_BUILD_DIR)/syslog_plugin.so $(1)/usr/lib/uwsgi/ +endef + +define Package/uwsgi-cgi-plugin/install + $(INSTALL_DIR) $(1)/usr/lib/uwsgi + $(CP) $(PKG_BUILD_DIR)/cgi_plugin.so $(1)/usr/lib/uwsgi/ +endef + +define Package/uwsgi-python3-plugin/install + $(INSTALL_DIR) $(1)/usr/lib/uwsgi + $(INSTALL_BIN) $(PKG_BUILD_DIR)/python_plugin.so $(1)/usr/lib/uwsgi/ +endef + +define Package/uwsgi-luci-support/install + $(INSTALL_DIR) $(1)/etc/uwsgi/vassals + $(INSTALL_DATA) ./files-luci-support/luci-webui.ini $(1)/etc/uwsgi/vassals/luci-webui.ini + $(INSTALL_DATA) ./files-luci-support/luci-cgi_io.ini $(1)/etc/uwsgi/vassals/luci-cgi_io.ini +endef + +$(eval $(call BuildPackage,uwsgi)) +$(eval $(call BuildPackage,uwsgi-logfile-plugin)) +$(eval $(call BuildPackage,uwsgi-syslog-plugin)) +$(eval $(call BuildPackage,uwsgi-cgi-plugin)) +$(eval $(call BuildPackage,uwsgi-python3-plugin)) +$(eval $(call BuildPackage,uwsgi-luci-support)) diff --git a/net/uwsgi/files-luci-support/luci-cgi_io.ini b/net/uwsgi/files-luci-support/luci-cgi_io.ini new file mode 100644 index 000000000..da5ef7604 --- /dev/null +++ b/net/uwsgi/files-luci-support/luci-cgi_io.ini @@ -0,0 +1,31 @@ +[uwsgi] +strict = true +if-not-env = UWSGI_EMPEROR_FD +socket = /var/run/luci-cgi_io.socket +chmod-socket = 666 +cheap = true +end-if = +plugin = cgi +cgi-mode = true +cgi = /www/ +chdir = /usr/lib/lua/luci/ +buffer-size = 10000 +reload-mercy = 8 +max-requests = 2000 +limit-as = 200 +reload-on-as = 256 +reload-on-rss = 192 +no-orphans = true +post-buffering = 8192 +socket-timeout = 120 +thunder-lock = true +plugin = syslog +disable-logging = true +req-logger = syslog:uwsgi-luci-cgi_io +log-format=%(method) %(uri) => return %(status) (%(rsize) bytes in %(msecs) ms) +chmod-socket = 666 +cgi-safe = /usr/libexec/cgi-io +cgi-dontresolve = true +cgi-close-stdin-on-eof = true +cheap = true +idle = 360 diff --git a/net/uwsgi/files-luci-support/luci-webui.ini b/net/uwsgi/files-luci-support/luci-webui.ini new file mode 100644 index 000000000..04abfc82d --- /dev/null +++ b/net/uwsgi/files-luci-support/luci-webui.ini @@ -0,0 +1,35 @@ +[uwsgi] +strict = true +if-not-env = UWSGI_EMPEROR_FD +socket = /var/run/luci-webui.socket +chmod-socket = 666 +cheap = true +end-if = +plugin = cgi +cgi-mode = true +cgi = /www/ +chdir = /usr/lib/lua/luci/ +buffer-size = 10000 +reload-mercy = 8 +max-requests = 2000 +limit-as = 200 +reload-on-as = 256 +reload-on-rss = 192 +enable-threads = true +post-buffering = 8192 +socket-timeout = 120 +thunder-lock = true +plugin = syslog +logger = luci syslog:uwsgi-luci +log-route = luci luci: +disable-logging = true +req-logger = syslog:uwsgi-luci +log-format=%(method) %(uri) => return %(status) (%(rsize) bytes in %(msecs) ms) +threads = 3 +processes = 3 +cheaper-algo = spare +cheaper = 1 +cheaper-initial = 1 +cheaper-step = 1 +master = true +idle = 360 diff --git a/net/uwsgi/files/emperor.ini b/net/uwsgi/files/emperor.ini new file mode 100644 index 000000000..9c245af1d --- /dev/null +++ b/net/uwsgi/files/emperor.ini @@ -0,0 +1,9 @@ +[uwsgi] +strict = true +pidfile = /var/run/uwsgi.pid +emperor = /etc/uwsgi/vassals/*.ini +early-emperor = true +vacuum = true +emperor-on-demand-directory = /var/run/ +emperor-required-heartbeat = 99 +vassal-set = die-on-idle=true diff --git a/net/uwsgi/files/uwsgi.init b/net/uwsgi/files/uwsgi.init new file mode 100644 index 000000000..20a1280e5 --- /dev/null +++ b/net/uwsgi/files/uwsgi.init @@ -0,0 +1,14 @@ +#!/bin/sh /etc/rc.common + +START=79 +USE_PROCD=1 + +start_service() { + procd_open_instance + procd_set_param command /usr/sbin/uwsgi --ini /etc/uwsgi/emperor.ini + procd_set_param stderr 1 + procd_set_param file /etc/uwsgi/emperor.ini + procd_set_param respawn + procd_close_instance +} + diff --git a/net/uwsgi-cgi/patches/002-dont-hardcode-zlib.patch b/net/uwsgi/patches/001-dont-hardcode-zlib.patch similarity index 100% rename from net/uwsgi-cgi/patches/002-dont-hardcode-zlib.patch rename to net/uwsgi/patches/001-dont-hardcode-zlib.patch diff --git a/net/uwsgi-cgi/patches/003-dont-override-toolchain-optimization.patch b/net/uwsgi/patches/002-dont-override-toolchain-optimization.patch similarity index 100% rename from net/uwsgi-cgi/patches/003-dont-override-toolchain-optimization.patch rename to net/uwsgi/patches/002-dont-override-toolchain-optimization.patch diff --git a/net/uwsgi-cgi/patches/004-hard-code-Linux-as-compilation-os.patch b/net/uwsgi/patches/003-hard-code-Linux-as-compilation-os.patch similarity index 85% rename from net/uwsgi-cgi/patches/004-hard-code-Linux-as-compilation-os.patch rename to net/uwsgi/patches/003-hard-code-Linux-as-compilation-os.patch index 0459ed034..169a309f8 100644 --- a/net/uwsgi-cgi/patches/004-hard-code-Linux-as-compilation-os.patch +++ b/net/uwsgi/patches/003-hard-code-Linux-as-compilation-os.patch @@ -8,7 +8,7 @@ -uwsgi_os_k = re.split('[-+_]', os.uname()[2])[0] -uwsgi_os_v = os.uname()[3] +uwsgi_os = "Linux" -+uwsgi_os_k = "4.4.0" ++uwsgi_os_k = os.environ['LINUX_UNAME_VERSION'] +uwsgi_os_v = "Linux" uwsgi_cpu = os.uname()[4] diff --git a/net/uwsgi-cgi/patches/010-uclibc-ng.patch b/net/uwsgi/patches/010-uclibc-ng.patch similarity index 100% rename from net/uwsgi-cgi/patches/010-uclibc-ng.patch rename to net/uwsgi/patches/010-uclibc-ng.patch diff --git a/net/uwsgi-cgi/patches/020-uwsgiconfig-system-python3.patch b/net/uwsgi/patches/020-uwsgiconfig-system-python3.patch similarity index 100% rename from net/uwsgi-cgi/patches/020-uwsgiconfig-system-python3.patch rename to net/uwsgi/patches/020-uwsgiconfig-system-python3.patch diff --git a/net/uwsgi/patches/030-plugins-cgi_adds_dontresolve_option.patch b/net/uwsgi/patches/030-plugins-cgi_adds_dontresolve_option.patch new file mode 100644 index 000000000..7acdfc71c --- /dev/null +++ b/net/uwsgi/patches/030-plugins-cgi_adds_dontresolve_option.patch @@ -0,0 +1,65 @@ +From f259999d824b921a8a443e73d8c2b9e2d2170413 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Tue, 8 Oct 2019 02:10:43 +0200 +Subject: [PATCH] plugins/cgi: adds dontresolve option + +This option permit to call the simbolic link instead of the file the simbolic link points. +All the security check are still done as the simbolic path is passed at the end after all the checks are passed. This is useful if some cgi app are used for multiple function based on the name they are called by. + +Signed-off-by: Ansuel Smith +--- + plugins/cgi/cgi_plugin.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/plugins/cgi/cgi_plugin.c b/plugins/cgi/cgi_plugin.c +index d032db17c..30e1cc528 100644 +--- a/plugins/cgi/cgi_plugin.c ++++ b/plugins/cgi/cgi_plugin.c +@@ -15,6 +15,7 @@ struct uwsgi_cgi { + struct uwsgi_string_list *loadlib; + struct uwsgi_string_list *cgi_safe; + int optimize; ++ int dontresolve; + int from_docroot; + int has_mountpoints; + struct uwsgi_dyn_dict *default_cgi; +@@ -75,6 +76,8 @@ struct uwsgi_option uwsgi_cgi_options[] = { + + {"cgi-safe", required_argument, 0, "skip security checks if the cgi file is under the specified path", uwsgi_opt_add_string_list, &uc.cgi_safe, 0}, + ++ {"cgi-dontresolve", no_argument, 0 , "call symbolic link directly instead of the real path", uwsgi_opt_true,&uc.dontresolve, 0}, ++ + {0, 0, 0, 0, 0, 0, 0}, + + }; +@@ -475,6 +478,7 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) { + + char full_path[PATH_MAX]; + char tmp_path[PATH_MAX]; ++ char symbolic_path[PATH_MAX]; + struct stat cgi_stat; + int need_free = 0; + int is_a_file = 0; +@@ -533,6 +537,10 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) { + uwsgi_404(wsgi_req); + return UWSGI_OK; + } ++ if (uc.dontresolve) { ++ full_path_len = strlen(full_path); ++ memcpy(symbolic_path, full_path, full_path_len+1); ++ } + + full_path_len = strlen(tmp_path); + // add +1 to copy the null byte +@@ -639,6 +647,11 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) { + } + } + ++ if (uc.dontresolve) { ++ full_path_len = strlen(symbolic_path); ++ memcpy(full_path, symbolic_path, full_path_len+1); ++ } ++ + int ret = uwsgi_cgi_run(wsgi_req, docroot, docroot_len, full_path, helper, path_info, script_name, is_a_file, discard_base); + if (need_free) free(docroot); + return ret; diff --git a/net/uwsgi/src/buildconf/openwrt.ini b/net/uwsgi/src/buildconf/openwrt.ini new file mode 100644 index 000000000..f9ea8344f --- /dev/null +++ b/net/uwsgi/src/buildconf/openwrt.ini @@ -0,0 +1,30 @@ +[uwsgi] +xml = false +yaml = false +json = false +ssl = false +pcre = true +routing = auto +debug = false +unbit = false +malloc_implementation = libc +extras = +plugins = +bin_name = uwsgi +append_version = +plugin_dir = /usr/lib/uwsgi +plugin_build_dir = . +embedded_plugins = +as_shared_library = false + +locking = auto +event = auto +timer = auto +filemonitor = auto + +blacklist = +whitelist = + +embed_files = + +embed_config =