From e81d2dd033df3a61b874a9a37f951ca05eead86f Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 8 Apr 2025 08:43:12 +0100 Subject: gentoo auto-resync : 08:04:2025 - 08:43:11 --- www-servers/Manifest.gz | Bin 4373 -> 4372 bytes www-servers/lighttpd/Manifest | 6 +- www-servers/lighttpd/files/lighttpd.service-r3 | 84 ++++++++++ www-servers/lighttpd/lighttpd-1.4.79.ebuild | 221 +++++++++++++++++++++++++ www-servers/lighttpd/lighttpd-9999.ebuild | 2 +- 5 files changed, 311 insertions(+), 2 deletions(-) create mode 100644 www-servers/lighttpd/files/lighttpd.service-r3 create mode 100644 www-servers/lighttpd/lighttpd-1.4.79.ebuild (limited to 'www-servers') diff --git a/www-servers/Manifest.gz b/www-servers/Manifest.gz index 24c1a81b15f1..c36c6ff48f14 100644 Binary files a/www-servers/Manifest.gz and b/www-servers/Manifest.gz differ diff --git a/www-servers/lighttpd/Manifest b/www-servers/lighttpd/Manifest index ab1c91a0e760..fbccbe25ff68 100644 --- a/www-servers/lighttpd/Manifest +++ b/www-servers/lighttpd/Manifest @@ -8,12 +8,16 @@ AUX lighttpd.confd 240 BLAKE2B 8383c102f9e3a373909f26cda9f73d1edf81ef9dae42a4859 AUX lighttpd.initd-r2 1949 BLAKE2B aafc91df917057db7cc271fd2b4b2bd5b1ccf3070f11eacf17109e8be13c0061be0c63a822ea235392d41efd772ca27011990e539cfdd1712a1e4a5425c121eb SHA512 4eb6c08fd484f336c4e530ce5efee953d7e538475975852105ea3fb38a4c1705780dca479d0be9239a1f8ad6d0b018b43a00f177f7b0dc19a4fffd03e242ef4f AUX lighttpd.logrotate-r1 385 BLAKE2B c41e4b7892d3cb8cd7306eb7fa93b4a03452786acc7a3078464cf2cb7eec982f626201cc0d0aea7dd7de81cacf603f6d064c8ec6f8dcff09f78dfd48b656aa93 SHA512 8cae2d3acb2f4d9a9043e492c4b15024f85f92d93616d5e92e08d51e2295fde6160c750be08244703f999208c4b43ecfb9a2fcb8e223e52992551a0668302ffe AUX lighttpd.service-r2 414 BLAKE2B 24e1f3e41304ee6865b33ed847b8dc7c41a24e02acfbd3436b25fc69c10531b2a8f6ac751fd4a5bde73eba45c7f66867dcf2efcaba4e08905b8364d30dcb8386 SHA512 670e11aba26282087c46d063d6d64f2b3da91d06fc12d60300e96a7fbab1eaa5d397dd6f11eeda6eb1bffa1fb82304cd9a6909b14102e4d482c3720341c56e57 +AUX lighttpd.service-r3 3240 BLAKE2B b7681c9289162cdc37cbd84108c6466ad342cda939f8f6a1be0220efc9400038f38c257af00958ecb8a80e5d1989f2edb67009b0ca59f8e1e0ab5b810b51f0db SHA512 758fbe5960045dcd0cd9a8416909510f57d66b721c1ad8ac2b4e9bb08e36ea6ab466f4bea8217165b0e3e71b9bbef9ab80996bbb796cec2d9c60b46688cf23ed AUX lighttpd.tmpfiles.conf 41 BLAKE2B a159ae17094377d927bcf51078d40c322e5213d62064a271a7a0cf5b32423b349ac13d2ebc38a8de5c6478823ac022e46eef60a830e6ae9598e848b8c220bc2f SHA512 3fda360423a7a406a2981de647dac6b4419fe60c649bf3cc21fad566e8513293f6e81d4f5b777eaf06a056beedbf44360a39894ca3a2d05d3fc3a2d26c339efe DIST lighttpd-1.4.77.tar.xz 857872 BLAKE2B 52775633d494d502b76ec200efefadb99996d32e5127ac858d11712f683ffd8233855c8dcd30b3e5f285389ba2fbfbddc1090752d38e4ec0c0f267fc7d4afe80 SHA512 696fd4fd8486a6c3fd1131c7e8a935a02b5384882b74ddc19bf79d085e2a0abed9184a30f97e3a7aafb816d3589e110e8d70115daa15cdc52cf61aa4129e3565 DIST lighttpd-1.4.77.tar.xz.asc 833 BLAKE2B 5d3bdccd5788fce50d908eb028760290bd8033d27c0f15f414d2c5fe7d07b31ecd05aa2028d3a6b37ebdaaf2aafebb37c685834af6c502b80de185740c52de3a SHA512 5068f871244929054cc63c0381ec99f43cea573bd1d303ce3ad8a46df09e4358a96679fcb0a689d49ee2ab0228f11a95270b4e8418b7d69b7cddce425f1b14b1 DIST lighttpd-1.4.78.tar.xz 863668 BLAKE2B 7465cc1794a5cf1167635615126e458c6708c58aaf87fc3bab9c54a140973193227f1dc0071ee618d3e6087d220de40883196f8d3c0a8e998036b3bb47e51d01 SHA512 40559e676da38b7b4742d7140ab1afe6b69a10ececc5ab1e18c1ea0e4b1c3f13f8058e8e005cbad3df8c008b6b80511afbd0bde9c8094848f3db4d5a29961181 DIST lighttpd-1.4.78.tar.xz.asc 833 BLAKE2B 6341885ffda6712aa3eef07842a0534d9a4e80f0b55c98711f977fdc726d5193f17b0f5d6615fa2d8748b895a12484264cf98e3cac4a7b805e7eafa5459a3efd SHA512 09569a4ebff206cfa2ad5439e5fa6876ed10ea555c8cc990bcf83dffc2723febfdcbdd26ede09eb616fdc6c6a94b53d23842567af6901ec66dfcbb287374a7c5 +DIST lighttpd-1.4.79.tar.xz 865428 BLAKE2B 99a30d778b8df794695ed8ae6a016e0cec7c0a428ac247a87087f683e9a10a7a957d7e637a5710ea3df7793b046f7f0a659013d680c34c434a607885bd5f9997 SHA512 e0f1bb2cfca5e81001ea30d13f088425dfc7acbec924ecddf438eb6326ab3158a61c6c4aaee0b68a90666d1cb987ce94b1f6a48afd92485cc995db5b58265f83 +DIST lighttpd-1.4.79.tar.xz.asc 833 BLAKE2B a05351e88f73134b90fe85056d3dfa4861d34915980d2fb095327b26ec15d090db576208837a232b2faf9b929874ef86a9370859b078f87d7ec228f71db08a46 SHA512 d57546d57652ab27a5972c2a6977f175a0f9062dcfcdfaa6f4ec952d07d0780d5a98d6d94eaab086e9c5577a3e960371459d1f3cd8631b881d0a6164a6471326 EBUILD lighttpd-1.4.77.ebuild 5589 BLAKE2B a32dd6dea0ffc0ceac6abca642f3ff58fa579e4073b62e5795c96db485d1967d3c2facc25c8b49b5075d1c39c1ac3f78bf7cb8aae60c6035ccb4d79dea1e48a6 SHA512 ee3ba16ac1cf01ab30f6f4dbbd81a023d0b58f40fec4ce517e57db7f13f453fd880cba1ab51c1b41c181d53bfda39ec080370d4869519f2d36d306f10013b950 EBUILD lighttpd-1.4.78.ebuild 5538 BLAKE2B b48fa4b7f9488e12a6ae4e41a169fd47db34a7ac1683874e2a2ff2ee906be489d8f00758d0ae553e6e322c9876f758333a0a0ae6712da4f6079580f287cc9ce4 SHA512 24fcd52741449726054f28ade1392fa25607eed1f2c9f92bbcc092755c1802c2a5e97c039929a541260e2987a717c2f8b956cb398a3229eb64db678d6676ba77 -EBUILD lighttpd-9999.ebuild 5538 BLAKE2B b48fa4b7f9488e12a6ae4e41a169fd47db34a7ac1683874e2a2ff2ee906be489d8f00758d0ae553e6e322c9876f758333a0a0ae6712da4f6079580f287cc9ce4 SHA512 24fcd52741449726054f28ade1392fa25607eed1f2c9f92bbcc092755c1802c2a5e97c039929a541260e2987a717c2f8b956cb398a3229eb64db678d6676ba77 +EBUILD lighttpd-1.4.79.ebuild 5538 BLAKE2B a3d77d8130d3bbb1d2d9b56439a77431f4c19a8ebecd3efb8651990745b25332c2dc1581153e42010604c85b04f99389a12381548cc1f53cedae1a3c4bbcc067 SHA512 2ea33c021ddff87904ce5b7056f45de9f769db02b682d46a662618bdd1869ffd0528a526bf0bdd3fe566241f0a0386d6ac3ccc05cff1bebbaabc658f00e22681 +EBUILD lighttpd-9999.ebuild 5538 BLAKE2B a3d77d8130d3bbb1d2d9b56439a77431f4c19a8ebecd3efb8651990745b25332c2dc1581153e42010604c85b04f99389a12381548cc1f53cedae1a3c4bbcc067 SHA512 2ea33c021ddff87904ce5b7056f45de9f769db02b682d46a662618bdd1869ffd0528a526bf0bdd3fe566241f0a0386d6ac3ccc05cff1bebbaabc658f00e22681 MISC metadata.xml 1839 BLAKE2B 1d3bb5474c1bf9f16d84013bec3c0b43d2e2c5d44535e80b2a225bc64345155ba812d0ed9826f8f4072b9a9a113ede7ab5de05b0442bd8968fcad0916edba9fb SHA512 bb491fac80fd3e92b38f35fdd75e09ca6574819eba0d9fd8bed7256be603a113a3127d2ca32c42b9dc4e3a3359f55f62d44650768844cae374d7aa81432a7983 diff --git a/www-servers/lighttpd/files/lighttpd.service-r3 b/www-servers/lighttpd/files/lighttpd.service-r3 new file mode 100644 index 000000000000..288d08e00729 --- /dev/null +++ b/www-servers/lighttpd/files/lighttpd.service-r3 @@ -0,0 +1,84 @@ +[Unit] +Description=Lighttpd Daemon +After=syslog.target network-online.target +Documentation=man:lighttpd https://wiki.lighttpd.net + +# optional: systemd socket activation for lighttpd +# Requires lighttpd.conf: server.systemd-socket-activation = "enable" +# Requires installation, configuration, enabling of systemd lighttpd*.socket +# https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/doc/systemd/ +#Requires=lighttpd-http-ipv4.socket lighttpd-http-ipv6.socket lighttpd-https-ipv4.socket lighttpd-https-ipv6.socket + +[Install] +WantedBy=multi-user.target + +[Service] +Type=simple +PIDFile=/run/lighttpd.pid +ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf +ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf +ExecReload=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf +ExecReload=/bin/kill -USR1 $MAINPID +Restart=on-failure + +# increase num files soft limit; 1024 harkens back to select() limit +# (lighttpd.conf must still be configured with `server.max-fds`; default 4096) +LimitNOFILE=32768:524288 + +# +# system capabilities hardening +# + +# (comment all out if running lighttpd as root to manage system, e.g. via LuCI) + +# Recommended configuration: have systemd start lighttpd as unprivileged user. +# Note: starting lighttpd as unprivileged user requires TLS certificates to be +# readable by the unprivileged user and will fail for existing configurations +# where that is not currently the case. For that scenario and for similar +# compatibility reasons, this is not yet enabled by default. +#User=lighttpd +#Group=lighttpd + +# Allow unprivileged lighttpd to bind,listen to ports < 1024 (i.e. 80 and 443). +AmbientCapabilities=CAP_NET_BIND_SERVICE + +# Recommended configuration: strictly limit capabilities +# Limit capabilities, including for children and privileged processes, e.g. root +# CAP_NET_BIND_SERVICE allows bind() to ports < 1024 (i.e. 80 and 443). +# CAP_SETGID, CAP_SETUID, and CAP_SYS_CHROOT are self explanatory. +#CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT +# If not starting lighttpd as root, minimal capability to bind to ports < 1024: +#CapabilityBoundingSet=CAP_NET_BIND_SERVICE + +# Using systemd socket activation, even CAP_NET_BIND_SERVICE is not necessary +# and could be removed from AmbientCapabilities and CapabilityBoundingSet. +# Requires lighttpd*.socket 'Requires' in [Unit] section at top of this file. + +# Note: PrivateTmp=yes +# could break backends if named socket from independent daemon is located +# in /tmp; must relocate lighttpd.conf socket paths to e.g. /run/lighttpd +# Note: ProtectHome=read-only +# could break CGI scripts or WebDAV writing to home paths +# Note: RestrictSUIDSGID=yes +# could break CGI scripts or WebDAV setting suid/sgid permission bit on files + +KeyringMode=private +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateDevices=yes +PrivateTmp=yes +ProtectClock=yes +ProtectControlGroups=yes +ProtectHome=read-only +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectProc=invisible +ProtectSystem=full +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictNamespaces=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native diff --git a/www-servers/lighttpd/lighttpd-1.4.79.ebuild b/www-servers/lighttpd/lighttpd-1.4.79.ebuild new file mode 100644 index 000000000000..acf2800b1887 --- /dev/null +++ b/www-servers/lighttpd/lighttpd-1.4.79.ebuild @@ -0,0 +1,221 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-{1..4} ) +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/lighttpd.asc +inherit lua-single meson readme.gentoo-r1 systemd tmpfiles verify-sig + +DESCRIPTION="Lightweight high-performance web server" +HOMEPAGE="https://www.lighttpd.net https://github.com/lighttpd" +if [[ ${PV} == *9999* ]] ; then + EGIT_REPO_URI="https://git.lighttpd.net/lighttpd/lighttpd1.4.git" + inherit git-r3 +else + SRC_URI=" + https://download.lighttpd.net/lighttpd/releases-1.4.x/${P}.tar.xz + verify-sig? ( https://download.lighttpd.net/lighttpd/releases-$(ver_cut 1-2).x/${P}.tar.xz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +LICENSE="BSD GPL-2" +SLOT="0" +IUSE="+brotli dbi gnutls kerberos ldap libdeflate +lua maxminddb mbedtls +nettle nss +pcre php sasl selinux ssl unwind webdav xattr +zlib zstd" + +REQUIRED_USE=" + lua? ( ${LUA_REQUIRED_USE} ) +" + +# Match the bundled xxhash version for the minimum version +COMMON_DEPEND=" + acct-group/lighttpd + acct-user/lighttpd + >=dev-libs/xxhash-0.8.2 + virtual/libcrypt:= + brotli? ( app-arch/brotli:= ) + dbi? ( + dev-db/libdbi + ) + gnutls? ( net-libs/gnutls ) + kerberos? ( virtual/krb5 ) + ldap? ( >=net-nds/openldap-2.1.26:= ) + libdeflate? ( app-arch/libdeflate ) + lua? ( ${LUA_DEPS} ) + maxminddb? ( dev-libs/libmaxminddb ) + mbedtls? ( net-libs/mbedtls:0= ) + nettle? ( dev-libs/nettle:= ) + nss? ( dev-libs/nss ) + pcre? ( dev-libs/libpcre2 ) + php? ( dev-lang/php:*[cgi] ) + sasl? ( dev-libs/cyrus-sasl ) + ssl? ( >=dev-libs/openssl-0.9.7:= ) + unwind? ( sys-libs/libunwind:= ) + webdav? ( + dev-libs/libxml2 + dev-db/sqlite + ) + xattr? ( kernel_linux? ( sys-apps/attr ) ) + zlib? ( >=sys-libs/zlib-1.1 ) + zstd? ( app-arch/zstd:= ) +" +DEPEND=" + ${COMMON_DEPEND} + elibc_musl? ( sys-libs/queue-standalone ) +" +RDEPEND=" + ${COMMON_DEPEND} + selinux? ( sec-policy/selinux-apache ) +" +BDEPEND=" + virtual/pkgconfig + verify-sig? ( >=sec-keys/openpgp-keys-lighttpd-20250325 ) +" + +# update certain parts of lighttpd.conf based on conditionals +update_config() { + local config="${ED}/etc/lighttpd/lighttpd.conf" + + # Enable php/mod_fastcgi settings + if use php; then + sed -i -e 's|#.*\(include.*fastcgi.*$\)|\1|' ${config} || die + fi + + # Automatically listen on IPv6 if built with USE=ipv6 (which we now always do) + # bug #234987 + sed -i -e 's|# server.use-ipv6|server.use-ipv6|' ${config} || die +} + +pkg_setup() { + if use lua; then + lua-single_pkg_setup + fi + + if ! use pcre ; then + ewarn "It is highly recommended that you build ${PN}" + ewarn "with perl regular expressions support via USE=pcre." + ewarn "Otherwise you lose support for some core options such" + ewarn "as conditionals and modules such as mod_re{write,direct}." + fi + + DOC_CONTENTS="IPv6 migration guide:\n + https://wiki.lighttpd.net/IPv6-Config + " +} + +src_configure() { + # (One specific library might be preferred on embedded systems via + # MYMESONARGS with e.g. -DFORCE_blah_CRYPTO) + local emesonargs=( + -Dmoduledir="$(get_libdir)"/${PN} + + ${c_args} + + $(meson_feature brotli with_brotli) + + # TODO: revisit (was off in autotools ebuild) + -Dwith_bzip=disabled + + $(meson_feature dbi with_dbi) + + # Obsolete + -Dwith_fam=disabled + + $(meson_use gnutls with_gnutls) + $(meson_feature kerberos with_krb5) + $(meson_feature ldap with_ldap) + + $(meson_feature libdeflate with_libdeflate) + + $(meson_feature unwind with_libunwind) + + $(meson_use lua with_lua) + -Dlua_version=${ELUA} + + $(meson_feature maxminddb with_maxminddb) + $(meson_use mbedtls with_mbedtls) + + $(meson_use nettle with_nettle) + $(meson_use nss with_nss) + + # Obsolete + -Dwith_pcre=disabled + + $(meson_use pcre with_pcre2) + + $(meson_feature sasl with_sasl) + $(meson_use ssl with_openssl) + + -Dwith_xxhash=enabled + $(meson_feature webdav with_webdav_props) + + # Unpackaged in Gentoo + -Dwith_wolfssl=false + + $(meson_use xattr with_xattr) + $(meson_feature zlib with_zlib) + $(meson_feature zstd with_zstd) + ) + + meson_src_configure +} + +src_install() { + meson_src_install + + # Init script stuff + newinitd "${FILESDIR}"/lighttpd.initd-r2 lighttpd + newconfd "${FILESDIR}"/lighttpd.confd lighttpd + + # Configs + insinto /etc/lighttpd + newins "${FILESDIR}"/conf/lighttpd.conf-r3 lighttpd.conf + doins "${FILESDIR}"/conf/mod_cgi.conf + doins "${FILESDIR}"/conf/mod_fastcgi.conf + doins doc/config/conf.d/mime.conf + + # Update lighttpd.conf directives based on conditionals + update_config + + # Docs + dodoc AUTHORS README NEWS doc/scripts/*.sh + newdoc doc/config/lighttpd.conf lighttpd.conf.distrib + readme.gentoo_create_doc + + docinto txt + dodoc doc/outdated/*.txt + + doman doc/*.8 + + # Logrotate + insinto /etc/logrotate.d + newins "${FILESDIR}"/lighttpd.logrotate-r1 lighttpd + + keepdir /var/l{ib,og}/lighttpd /var/www/localhost/htdocs + fowners lighttpd:lighttpd /var/l{ib,og}/lighttpd + fperms 0750 /var/l{ib,og}/lighttpd + + systemd_newunit "${FILESDIR}"/${PN}.service-r3 ${PN}.service + newtmpfiles "${FILESDIR}"/${PN}.tmpfiles.conf ${PN}.conf +} + +pkg_postinst() { + tmpfiles_process ${PN}.conf + + readme.gentoo_print_elog + + if [[ -f ${EROOT}/etc/lighttpd.conf ]] ; then + elog + elog "Gentoo has a customized configuration," + elog "which is now located in ${EROOT}/etc/lighttpd. Please migrate your" + elog "existing configuration." + fi + + if use brotli || use zstd || use zlib ; then + elog + elog "Remember to clean your cache directory when using" + elog "output compression!" + elog "https://wiki.lighttpd.net/Docs_ModDeflate" + fi +} diff --git a/www-servers/lighttpd/lighttpd-9999.ebuild b/www-servers/lighttpd/lighttpd-9999.ebuild index ad6023182db3..acf2800b1887 100644 --- a/www-servers/lighttpd/lighttpd-9999.ebuild +++ b/www-servers/lighttpd/lighttpd-9999.ebuild @@ -196,7 +196,7 @@ src_install() { fowners lighttpd:lighttpd /var/l{ib,og}/lighttpd fperms 0750 /var/l{ib,og}/lighttpd - systemd_newunit "${FILESDIR}"/${PN}.service-r2 ${PN}.service + systemd_newunit "${FILESDIR}"/${PN}.service-r3 ${PN}.service newtmpfiles "${FILESDIR}"/${PN}.tmpfiles.conf ${PN}.conf } -- cgit v1.2.3