Update nginx to v1.25.5

mangadventure · Apr 19, 2024 · e78ebf5 · e78ebf5
1 parent 0b9ce92
commit e78ebf5
Show file tree

Hide file tree

Showing 2 changed files with 114 additions and 110 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,113 +1,117 @@
-FROM alpine:3.18
+FROM alpine:3.19
 
-ARG NGINX_VERSION=1.25.3
+ARG NGINX_VERSION=1.25.5
+
+SHELL [ "/bin/ash", "-e", "-o", "pipefail", "-c" ]
 
 COPY patches /tmp/patches
 
-# hadolint ignore=DL3003,DL3018,DL4006,SC2016
-RUN addgroup -S nginx \
-    && adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx \
-    && apk add --no-cache \
-        brotli-libs \
-        libgcc \
-        liburing \
-        mimalloc2 \
-        pcre2 \
-    && apk add --no-cache -t .build-deps \
-        brotli-dev \
-        build-base \
-        cmake \
-        curl \
-        git \
-        liburing-dev \
-        linux-headers \
-        make \
-        mimalloc2-dev \
-        pcre2-dev \
-        perl \
-        tar \
-        zlib-dev \
-        zstd-dev \
-    && mkdir -p /usr/src/nginx /etc/ssl /etc/letsencrypt /etc/nginx/sites-enabled \
-    && git clone --depth=1 --branch=openssl-3.1.4+quic \
-        https://github.com/quictls/openssl /usr/src/openssl \
-    && git clone --depth=1 --shallow-submodules --recursive \
-        https://github.com/google/ngx_brotli /usr/src/ngx_brotli \
-    && git clone --depth=1 https://github.com/tokers/zstd-nginx-module /usr/src/ngx_zstd \
-    && git clone --depth=1 https://github.com/grahamedgecombe/nginx-ct /usr/src/ngx_ct \
-    && git clone --depth=1 https://github.com/vozlt/nginx-module-vts /usr/src/ngx_vts \
-    && git clone --depth=1 https://github.com/openresty/memc-nginx-module /usr/src/ngx_memc \
-    && git clone --depth=1 https://github.com/openresty/redis2-nginx-module /usr/src/ngx_redis2 \
-    && curl -Ssf https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz \
-        | tar xzf - -C /usr/src/nginx --strip-components=1 \
-    && curl -Ssfo /etc/ssl/dhparam.pem https://2ton.com.au/dhparam/4096 \
-    && cd /usr/src/nginx \
-    && for f in /tmp/patches/*.patch; do patch -Np1 -i $f; done \
-    && ./configure \
-        --prefix=/etc/nginx \
-        --sbin-path=/usr/sbin/nginx \
-        --modules-path=/var/lib/nginx/modules \
-        --conf-path=/etc/nginx/nginx.conf \
-        --error-log-path=/var/log/nginx/error.log \
-        --http-log-path=/var/log/nginx/access.log \
-        --pid-path=/var/run/nginx.pid \
-        --lock-path=/var/run/nginx.lock \
-        --http-client-body-temp-path=/var/cache/nginx/client_temp \
-        --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
-        --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
-        --user=nginx \
-        --group=nginx \
-        --with-compat \
-        --with-file-aio \
-        --with-threads \
-        --with-pcre \
-        --with-pcre-jit \
-        --with-mail \
-        --with-mail_ssl_module \
-        --without-mail_pop3_module \
-        --with-http_auth_request_module \
-        --with-http_gunzip_module \
-        --with-http_gzip_static_module \
-        --with-http_realip_module \
-        --with-http_slice_module \
-        --with-http_ssl_module \
-        --with-http_v2_module \
-        --with-http_v3_module \
-        --without-http_browser_module \
-        --without-http_empty_gif_module \
-        --without-http_fastcgi_module \
-        --without-http_geo_module \
-        --without-http_memcached_module \
-        --without-http_mirror_module \
-        --without-http_scgi_module \
-        --without-http_split_clients_module \
-        --without-http_userid_module \
-        --with-openssl=/usr/src/openssl \
-        --with-cc-opt='-O2 -pipe' \
-        --with-ld-opt='-lmimalloc' \
-        --add-dynamic-module=/usr/src/ngx_brotli \
-        --add-dynamic-module=/usr/src/ngx_zstd \
-        --add-dynamic-module=/usr/src/ngx_ct \
-        --add-dynamic-module=/usr/src/ngx_vts \
-        --add-dynamic-module=/usr/src/ngx_memc \
-        --add-dynamic-module=/usr/src/ngx_redis2 \
-    && make -j$(getconf _NPROCESSORS_ONLN) \
-    && make install \
-    && strip /usr/sbin/nginx objs/ngx_*_module.so \
-    && cp -v objs/ngx_*_module.so /var/lib/nginx/modules \
-    && rm -r /etc/nginx/html \
-             /etc/nginx/*.default \
-             /etc/nginx/koi-win \
-             /etc/nginx/koi-utf \
-             /etc/nginx/win-utf \
-             /etc/nginx/scgi_params \
-             /etc/nginx/fastcgi_params \
-             /etc/nginx/fastcgi.conf \
-    && printf >> /etc/nginx/uwsgi_params \
-        '\nuwsgi_param HTTP_EARLY_DATA $ssl_early_data if_not_empty;\n' \
-    && apk del .build-deps \
-    && rm -rf /tmp/patches /usr/src \
-    && nginx -Vt
+# hadolint ignore=DL3003,DL3018,SC2016
+RUN <<EOF
+addgroup -S nginx
+adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx
+apk add --no-cache \
+    brotli-libs \
+    libgcc \
+    liburing \
+    mimalloc2 \
+    pcre2
+apk add --no-cache -t .build-deps \
+    brotli-dev \
+    build-base \
+    cmake \
+    curl \
+    git \
+    liburing-dev \
+    linux-headers \
+    make \
+    mimalloc2-dev \
+    pcre2-dev \
+    perl \
+    tar \
+    zlib-dev \
+    zstd-dev
+mkdir -p /usr/src/nginx /etc/ssl /etc/letsencrypt /etc/nginx/sites-enabled
+git clone --depth=1 --branch=openssl-3.1.5+quic \
+    https://github.com/quictls/openssl /usr/src/openssl
+git clone --depth=1 --shallow-submodules --recursive \
+    https://github.com/google/ngx_brotli /usr/src/ngx_brotli
+git clone --depth=1 https://github.com/tokers/zstd-nginx-module /usr/src/ngx_zstd
+git clone --depth=1 https://github.com/grahamedgecombe/nginx-ct /usr/src/ngx_ct
+git clone --depth=1 https://github.com/vozlt/nginx-module-vts /usr/src/ngx_vts
+git clone --depth=1 https://github.com/openresty/memc-nginx-module /usr/src/ngx_memc
+git clone --depth=1 https://github.com/openresty/redis2-nginx-module /usr/src/ngx_redis2
+curl -Ssf https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | \
+    tar xzf - -C /usr/src/nginx --strip-components=1
+curl -Ssfo /etc/ssl/dhparam.pem https://2ton.com.au/dhparam/4096
+cd /usr/src/nginx
+for f in /tmp/patches/*.patch; do patch -Np1 -i $f; done
+./configure \
+    --prefix=/etc/nginx \
+    --sbin-path=/usr/sbin/nginx \
+    --modules-path=/var/lib/nginx/modules \
+    --conf-path=/etc/nginx/nginx.conf \
+    --error-log-path=/var/log/nginx/error.log \
+    --http-log-path=/var/log/nginx/access.log \
+    --pid-path=/var/run/nginx.pid \
+    --lock-path=/var/run/nginx.lock \
+    --http-client-body-temp-path=/var/cache/nginx/client_temp \
+    --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
+    --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
+    --user=nginx \
+    --group=nginx \
+    --with-compat \
+    --with-file-aio \
+    --with-threads \
+    --with-pcre \
+    --with-pcre-jit \
+    --with-mail \
+    --with-mail_ssl_module \
+    --without-mail_pop3_module \
+    --with-http_auth_request_module \
+    --with-http_gunzip_module \
+    --with-http_gzip_static_module \
+    --with-http_realip_module \
+    --with-http_slice_module \
+    --with-http_ssl_module \
+    --with-http_v2_module \
+    --with-http_v3_module \
+    --without-http_browser_module \
+    --without-http_empty_gif_module \
+    --without-http_fastcgi_module \
+    --without-http_geo_module \
+    --without-http_memcached_module \
+    --without-http_mirror_module \
+    --without-http_scgi_module \
+    --without-http_split_clients_module \
+    --without-http_userid_module \
+    --with-openssl=/usr/src/openssl \
+    --with-cc-opt='-O2 -pipe' \
+    --with-ld-opt='-lmimalloc' \
+    --add-dynamic-module=/usr/src/ngx_brotli \
+    --add-dynamic-module=/usr/src/ngx_zstd \
+    --add-dynamic-module=/usr/src/ngx_ct \
+    --add-dynamic-module=/usr/src/ngx_vts \
+    --add-dynamic-module=/usr/src/ngx_memc \
+    --add-dynamic-module=/usr/src/ngx_redis2
+make -j$(getconf _NPROCESSORS_ONLN)
+make install
+strip /usr/sbin/nginx objs/ngx_*_module.so
+cp -v objs/ngx_*_module.so /var/lib/nginx/modules
+rm -r /etc/nginx/html \
+      /etc/nginx/*.default \
+      /etc/nginx/koi-win \
+      /etc/nginx/koi-utf \
+      /etc/nginx/win-utf \
+      /etc/nginx/scgi_params \
+      /etc/nginx/fastcgi_params \
+      /etc/nginx/fastcgi.conf
+printf >> /etc/nginx/uwsgi_params \
+ '\nuwsgi_param HTTP_EARLY_DATA $ssl_early_data if_not_empty;\n'
+apk del .build-deps
+rm -rf /tmp/patches /usr/src
+nginx -Vt
+EOF
 
 COPY config /etc/nginx
 

diff --git a/arch/PKGBUILD b/arch/PKGBUILD
@@ -3,8 +3,8 @@
 # shellcheck disable=SC2154,SC2016,SC2206,SC2046
 
 pkgname=nginx-custom
-pkgver=1.25.3
-pkgrel=2
+pkgver=1.25.5
+pkgrel=1
 pkgdesc='Lightweight HTTP server and IMAP/POP3 proxy server (custom build)'
 arch=(x86_64)
 url='https://nginx.org'
@@ -24,7 +24,7 @@ backup=(etc/nginx/nginx.conf
         etc/nginx/default.vhost
         etc/logrotate.d/nginx)
 source=(nginx-${pkgver}.tar.gz::https://nginx.org/download/nginx-${pkgver}.tar.gz
-        git+https://github.com/quictls/openssl#branch=openssl-3.1.4+quic
+        git+https://github.com/quictls/openssl#branch=openssl-3.1.5+quic
         ngx_brotli::git+https://github.com/google/ngx_brotli
         ngx_zstd::git+https://github.com/tokers/zstd-nginx-module
         ngx_ct::git+https://github.com/grahamedgecombe/nginx-ct
@@ -41,7 +41,7 @@ source=(nginx-${pkgver}.tar.gz::https://nginx.org/download/nginx-${pkgver}.tar.g
         002-no-server-header.patch
         003-dynamic-tls.patch
         004-limit-req-adjust.patch)
-b2sums=('f7a77b92b80197ce6cff477dac42169d638f69a4a408e979daa4f5e87ca0e4d18e366b8c2b0fc686cd69f5f926b5b097a8893f3c5295387bcc6f174a2f72e7f4'
+b2sums=('75ff068554d96063d1c7cb18d84df4fe8b820f6065f3464efde055c707e94ff13c45bea261619a453f04abed1fa3f9baccf81c29ca0e956ef0535e9a5c931dc6'
         'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP' 'SKIP'
         'e5b3af3eba36bac8c281d773cd90efb8de977a1241e246060661d5c1d436d537ff74b03d137a2bb4a7752339e98e9073ab803bc214a84906498f2383ecad07ff'
         '5aa8dab4d6517fc09a96f2ced5c85a67a44878da4c5cde1031a089609d3d32505d0cb45e6842a1502cc6f09e03eef08ee0ce6826b73bcfdd8087b0b695f0801c'