# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Jeff Bilyk <jbilyk@gmail.com>
# Contributor: Bartłomiej Piotrowski <nospam@bpiotrowski.pl>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   1.12.1-r0:
#     - CVE-2017-7529
#
pkgname=nginx
pkgver=1.12.1
pkgrel=3
# Revision of nginx-tests to use for check().
_tests_hgrev=cdd44ff602db
pkgdesc="HTTP and reverse proxy server (stable version)"
url="http://www.nginx.org/en"
arch="all"
license="custom"
depends=""
makedepends="linux-headers gd-dev geoip-dev libxml2-dev libxslt-dev
	libressl-dev paxmark pcre-dev perl-dev pkgconf zlib-dev"
checkdepends="perl perl-fcgi perl-io-socket-ssl perl-net-ssleay
	perl-protocol-websocket uwsgi-python"
pkgusers="nginx"
_grp_ngx="nginx"
_grp_www="www-data"
pkggroups="$_grp_ngx $_grp_www"
install="$pkgname.pre-install $pkgname.post-upgrade"
subpackages="$pkgname-doc $pkgname-vim::noarch"
replaces="$pkgname-common $pkgname-initscripts $pkgname-lua $pkgname-rtmp"
source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
	$pkgname-tests-$_tests_hgrev.tar.gz::http://hg.nginx.org/nginx-tests/archive/$_tests_hgrev.tar.gz
	echo-nginx-module~fix-nginx-1.12.patch
	lua-nginx-module~fix-nginx-1.12.patch
	lua-nginx-module~fix-libressl.patch
	nginx.conf
	default.conf
	$pkgname.logrotate
	$pkgname.initd
	"
builddir="$srcdir/$pkgname-$pkgver"

_modules_dir="usr/lib/$pkgname/modules"

# luajit is not available for s390x and ppc64le
case "$CARCH" in
	ppc64le | s390x) makedepends="$makedepends lua5.1-dev";;
	*) makedepends="$makedepends luajit-dev";;
esac

# Built-in dynamic modules
for _mod in \
	http-geoip \
	http-image-filter \
	http-perl \
	http-xslt-filter \
	mail \
	stream \
	stream-geoip
do
	subpackages="$subpackages $pkgname-mod-$_mod:_module"
done

# Third-party dynamic modules

# For simplicity we assume that module is hosted on GitHub.
_add_module() {
	local name="$1" ver="$2" url="$3"
	local dirname="${url##*/}-${ver#v}"

	subpackages="$subpackages $pkgname-mod-$name:_module"
	source="$source $dirname.tar.gz::$url/archive/$ver.tar.gz"
	_extra_flags="$_extra_flags --add-dynamic-module=$srcdir/$dirname"
}

_add_module "devel-kit" "v0.3.0" "https://github.com/simpl/ngx_devel_kit"
_devel_kit_so="ndk_http_module.so"

_add_module "http-cache-purge" "2.4.1" "https://github.com/nginx-modules/ngx_cache_purge"

_add_module "http-echo" "v0.60" "https://github.com/openresty/echo-nginx-module"

_add_module "http-fancyindex" "v0.4.1" "https://github.com/aperezdc/ngx-fancyindex"

_add_module "http-headers-more" "v0.32" "https://github.com/openresty/headers-more-nginx-module"
_http_headers_more_so="ngx_http_headers_more_filter_module.so"

_add_module "http-lua" "v0.10.8" "https://github.com/openresty/lua-nginx-module"
_http_lua_depends="$pkgname-mod-devel-kit"
_http_lua_provides="$pkgname-lua"  # for backward compatibility

_add_module "http-lua-upstream" "v0.06" "https://github.com/openresty/lua-upstream-nginx-module"
_http_lua_upstream_depends="$pkgname-mod-http-lua"

_add_module "http-nchan" "v1.1.7" "https://github.com/slact/nchan"
_http_nchan_so="ngx_nchan_module.so"

_add_module "http-shibboleth" "v2.0.1" "https://github.com/nginx-shib/nginx-http-shibboleth"

_add_module "http-redis2" "v0.14" "https://github.com/openresty/redis2-nginx-module"

_add_module "http-set-misc" "v0.31" "https://github.com/openresty/set-misc-nginx-module"
_http_set_misc_depends="$pkgname-mod-devel-kit"

_add_module "http-upload-progress" "v0.9.2" "https://github.com/masterzen/nginx-upload-progress-module"
_http_upload_progress_so="ngx_http_uploadprogress_module.so"

_add_module "http-upstream-fair" "v0.1.2" "https://github.com/itoffshore/nginx-upstream-fair"

_add_module "rtmp" "v1.1.11" "https://github.com/arut/nginx-rtmp-module"
_rtmp_provides="$pkgname-rtmp"  # for backward compatibility


prepare() {
	local file; for file in $source; do
		case $file in
		*~*.patch)
			msg $file
			cd "$srcdir"/${file%%~*}-*
			patch -p 1 -i "$srcdir/$file"
			;;
		*.patch)
			msg $file
			cd "$builddir"
			patch -p 1 -i "$srcdir/$file"
			;;
		esac
	done

	# This test requires superuser privileges and CAP_NET_ADMIN.
	rm "$srcdir"/nginx-tests-*/proxy_bind_transparent.t
}

build() {
	cd "$builddir"

	export LUAJIT_LIB="$(pkgconf --variable=libdir luajit)"
	export LUAJIT_INC="$(pkgconf --variable=includedir luajit)"
	./configure \
		--prefix=/var/lib/$pkgname \
		--sbin-path=/usr/sbin/$pkgname \
		--modules-path=/$_modules_dir \
		--conf-path=/etc/$pkgname/$pkgname.conf \
		--pid-path=/run/$pkgname/$pkgname.pid \
		--lock-path=/run/$pkgname/$pkgname.lock \
		--http-client-body-temp-path=/var/tmp/$pkgname/client_body \
		--http-proxy-temp-path=/var/tmp/$pkgname/proxy \
		--http-fastcgi-temp-path=/var/tmp/$pkgname/fastcgi \
		--http-uwsgi-temp-path=/var/tmp/$pkgname/uwsgi \
		--http-scgi-temp-path=/var/tmp/$pkgname/scgi \
		--with-perl_modules_path=/usr/lib/perl5/vendor_perl \
		\
		--user=$pkgusers \
		--group=$_grp_ngx \
		--with-threads \
		--with-file-aio \
		\
		--with-http_ssl_module \
		--with-http_v2_module \
		--with-http_realip_module \
		--with-http_addition_module \
		--with-http_xslt_module=dynamic \
		--with-http_image_filter_module=dynamic \
		--with-http_geoip_module=dynamic \
		--with-http_sub_module \
		--with-http_dav_module \
		--with-http_flv_module \
		--with-http_mp4_module \
		--with-http_gunzip_module \
		--with-http_gzip_static_module \
		--with-http_auth_request_module \
		--with-http_random_index_module \
		--with-http_secure_link_module \
		--with-http_degradation_module \
		--with-http_slice_module \
		--with-http_stub_status_module \
		--with-http_perl_module=dynamic \
		--with-mail=dynamic \
		--with-mail_ssl_module \
		--with-stream=dynamic \
		--with-stream_ssl_module \
		--with-stream_realip_module \
		--with-stream_geoip_module=dynamic \
		--with-stream_ssl_preread_module \
		\
		$_extra_flags

	make
}

check() {
	cd "$srcdir"/nginx-tests-*

	TEST_NGINX_BINARY="$builddir/objs/nginx" prove .
}

package() {
	cd "$builddir"

	make DESTDIR="$pkgdir" install

	# Disable some PaX protections; this is needed for Lua module.
	local paxflags="-m"
	[ "$CARCH" = "x86" ] && paxflags="-msp"
	paxmark $paxflags "$pkgdir"/usr/sbin/nginx

	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
	install -Dm644 README "$pkgdir"/usr/share/doc/$pkgname/README

	install -Dm644 objs/$pkgname.8 "$pkgdir"/usr/share/man/man8/$pkgname.8

	local name; for name in ngx_devel_kit lua-nginx-module nginx-rtmp-module; do
		cp -r "$srcdir"/$name-*/doc* "$pkgdir"/usr/share/doc/$pkgname/$name
	done

	cd "$pkgdir"

	install -Dm644 "$srcdir"/nginx.conf ./etc/$pkgname/nginx.conf
	install -Dm644 "$srcdir"/default.conf ./etc/$pkgname/conf.d/default.conf
	install -Dm755 "$srcdir"/$pkgname.initd ./etc/init.d/$pkgname
	install -Dm644 "$srcdir"/$pkgname.logrotate ./etc/logrotate.d/$pkgname

	install -dm755 ./etc/$pkgname/modules
	install -dm750 -o $pkgusers -g $_grp_ngx ./var/lib/$pkgname
	install -dm700 -o $pkgusers -g $_grp_ngx ./var/tmp/$pkgname
	install -dm755 -g $_grp_www ./var/www/localhost/htdocs

	install -dm755 ./var/log
	mv ./var/lib/$pkgname/logs ./var/log/$pkgname

	ln -sf /$_modules_dir ./var/lib/$pkgname/modules
	ln -sf /var/log/$pkgname ./var/lib/$pkgname/logs
	ln -sf /var/tmp/$pkgname ./var/lib/$pkgname/tmp
	ln -sf /run/$pkgname ./var/lib/$pkgname/run

	# Remove archaic charset maps.
	rm ./etc/$pkgname/koi-* ./etc/$pkgname/win-utf

	rm -rf ./run ./etc/$pkgname/*.default
}

vim() {
	pkgdesc="$pkgdesc (vim syntax)"
	depends=

	mkdir -p "$subpkgdir"/usr/share/vim
	cp -r "$builddir"/contrib/vim "$subpkgdir"/usr/share/vim/vimfiles
}

_module() {
	local name="${subpkgname#$pkgname-mod-}"
	name="${name//-/_}"
	local soname="$(eval "echo \$_${name}_so")";
	soname="${soname:-"ngx_${name}_module.so"}"

	pkgdesc="$pkgdesc (module $name)"
	depends="$pkgname $(eval "echo \$_${name}_depends")"
	provides="$(eval "echo \$_${name}_provides")"

	mkdir -p "$subpkgdir"/$_modules_dir
	cd "$subpkgdir"

	mv "$pkgdir"/$_modules_dir/$soname ./$_modules_dir/$soname

	mkdir -p "$subpkgdir"/etc/nginx/modules
	echo "load_module \"modules/$soname\";" > ./etc/nginx/modules/$name.conf
}

sha512sums="3a2ad2a559b366dda92dd58c0fe40ee84dd60a3eaf72071454110e032c3e9a03f2a63b28fe3a615b527950521eeb533c687a2cc4c87524e1d8f3a0a5f043fdb6  nginx-1.12.1.tar.gz
ca8be839aef71c537d6d3a79e2894f38790834d6310c6d15ad06900c7c2d7cf71a113847ab96ef9be0fbdfff3b7808e74dea427502b275cfd6c909550f9ba9ab  nginx-tests-cdd44ff602db.tar.gz
401f57ed73941619cdd41061bd92fffc00730e34cc647ea3c9345225723e9c7ebd72d9d15a703cffd93b0a99d458a05fe5efa7373ae24f41b35279285b5ca0fa  echo-nginx-module~fix-nginx-1.12.patch
04f7d75ce15eba99be99a76d266903c17e48742ab4bf237b988bf84f00cdbf6510c3d4eee88a24620e56dc426220192df39f4736af157fdc4e4c50b4f1d794f2  lua-nginx-module~fix-nginx-1.12.patch
fd8bce0e7d69552267b8e405b07fc9323e25e06cceb8912a2d143952447a4299756e6a9a8a40f4eabe8b00fed475fd87ee4a982f5ad7449d59783e872c682451  lua-nginx-module~fix-libressl.patch
ac7e3153ab698b4cde077f0d5d7ac0a58897927eb36cf3b58cb01268ca0296f1d589c0a5b4f889b96b5b4a57bef05b17c59be59a9d7c4d7a3d3be58f101f7f41  nginx.conf
0907f69dc2d3dc1bad3a04fb6673f741f1a8be964e22b306ef9ae2f8e736e1f5733a8884bfe54f3553fff5132a0e5336716250f54272c3fec2177d6ba16986f3  default.conf
09b110693e3f4377349ccea3c43cb8199c8579ee351eae34283299be99fdf764b0c1bddd552e13e4d671b194501618b29c822e1ad53b34101a73a63954363dbb  nginx.logrotate
eb183860cd511361346e4079c1fcf470985e1c3b2a034a57f8b2a92ba851fed99256261f9b779770a5f57e3750e9e71bd1550a9d19ad9bf3a4d288864f0374a2  nginx.initd
558764c9be913a4f61d0e277d07bf3c272e1ce086b3fadb85b693a7e92805cd9fca4da7a8d29c96e53fc0d23b331327d3b2561ff61f19d2330e7d5d35ac7d614  ngx_devel_kit-0.3.0.tar.gz
1134d404ec9fd163d410c6ac6d8ec55515586e470aad17f1909e23c4fd35217a39639fa24cdffcf3b32733bb83c5f47508e16fb22f9d2c42e8226bda51b4ae38  ngx_cache_purge-2.4.1.tar.gz
c455bee73cebd0752449472452d15614b9587ddd199263d366484ede890c4d108eacbbeaef31adc9dc7732b56ef2bfc73c0fef3366366db03a8ec3fdc27a985c  echo-nginx-module-0.60.tar.gz
ce0043ad4a2b638c5d99244d6caaa65ad142cea78884084a9aeca5a9593c68dbe508c9e4dd85dc5722eb63ef386612bffc48d4b6fc1487df244fbcb7a73bffe1  ngx-fancyindex-0.4.1.tar.gz
e42582b45c3111de3940bbeb67ce161aca2d55adcfb00c61c12256fa0e36221d38723013f36edbcf6d1b520f8dfb49d4657df8a956e66d36e68425afad382bd1  headers-more-nginx-module-0.32.tar.gz
ad621cec178eb37109f16ebc30dbab7b1ea344ac4b523ff1e6ad62364b8cf437488a89c593ca44b446b729a1c578e3a97685851847b4b16a147ac9eca8f23a2a  lua-nginx-module-0.10.8.tar.gz
eee427887b172cde32f42c5b2158fb1e05742b102b996e48e99941a9c1a33ec7d473a8835c1d06686c02afeb5d5dbe0fec8ff700a363d6330821f108196e85da  lua-upstream-nginx-module-0.06.tar.gz
1e9b029912ef6e89dba8e3aed57d50848b52fbeb1077d965ca39aea14c2b34c11092ee53db47fb1df9e5adaf466f849c5a33cade881fddb420c1a036bc659d4b  nchan-1.1.7.tar.gz
1730845ea2e52be8c2f6cfceb2894304c5a07959a96940bb1617ee0e7cf81d22283304f411d9a219ddb71e4d9a66012bba0f6f5574d101aeb3c406f26c5d6a4e  nginx-http-shibboleth-2.0.1.tar.gz
a22cfab85f5a15cf4b778749227caee559982dbe7711e1c5698456b3821943ec66b7a980ed56612b7f2ae70d22832123be24e50a402c659c6f3eb1d98d60b4cd  redis2-nginx-module-0.14.tar.gz
c853b041cecc3521f888be3d0483c6cf23d239259ac4f5d35b10d4483b0fb06d1d22060adedcf6605b220d99f9051faf300d06989736d510b4486f943d3a675e  set-misc-nginx-module-0.31.tar.gz
c31c46344d49704389722325a041b9cd170fa290acefe92cfc572c07f711cd3039de78f28df48ca7dcb79b2e4bbe442580aaaf4d92883fd3a14bf41d66dd9d8c  nginx-upload-progress-module-0.9.2.tar.gz
4da7734301d21cd696fcc3aed1a496a93be15af373307487622c0a5920e79d9b580fd5836de7f9c0b60c01485021ba85afae1abb471e703c2d6e23c60ffe7d0a  nginx-upstream-fair-0.1.2.tar.gz
e7c897265d1e93b06f7e46a653b113e24d2451e2112a7a6da415f130928437444a0346832fd9c10042397fea6120e4e44acc2bccf649ec30ca5bffbf985672e2  nginx-rtmp-module-1.1.11.tar.gz"