Re: [PATCH] www/nginx: update third-party modules

Omar Polo <op@openbsd.org> wrote:
> Hello,
>
> "Sergey A. Osokin" <osa@freebsd.org> wrote:
> > And here's the patch.
> >
> > Thank you.
>
> (+cc robert@; please put the maintainer in Cc so it's easier for them to
> see the mail)
>
> the diff it doesn't build here:
> patch-lua-nginx-module_src_ngx_http_lua_ssl_certby_c was upstreamed and
> needs to be removed, and then other two patches fails to apply:
>
> ===> Failed patches:
> patch-lua-nginx-module_src_ngx_http_lua_ssl_ocsp_c
> patch-lua-nginx-module_src_ngx_http_lua_ssl_session_storeby_c
>
> (forgot to 'cvs add' the patches/ before generating the diff?)

(i meant 'cvs rm'...)

> Then, some comments on the diff:
>
> - it's REVISION and not PORTREVISION here :P
> (also, it's generally closer to the DISTNAME/PKGNAME line, but YMMV)
>
> - even if it probably makes more sense to sort the PKGNAMESs, WANTLIBs
> and whatnot, it makes more difficoult to understand the changes when
> looking at the diff, so i'd postpone the matter for later.

and i forgot probably the most obvious thing: the diff is lacking the
DESCR and PLIST for the new njs subpackage (forgot a 'cvs add'?). you
also need to add njs to MODULE_PACKAGES.

> i'm attaching an updated diff without the sorting and with the
> upstreamed patch removed, but it still needs some work on the two
> failing patches.
>
> Cheers,
>
> Omar Polo
>
> Index: Makefile
> ===================================================================
> RCS file: /home/cvs/ports/www/nginx/Makefile,v
> retrieving revision 1.163
> diff -u -p -r1.163 Makefile
> --- Makefile 30 May 2022 08:17:34 -0000 1.163
> +++ Makefile 3 Jun 2022 10:11:45 -0000
> @@ -7,6 +7,7 @@ COMMENT-xslt= nginx XSLT filter module
> COMMENT-mailproxy= nginx mail proxy module
> COMMENT-stream= nginx TCP/UDP proxy module
> COMMENT-naxsi= nginx web application firewall module
> +COMMENT-njs= nginx JavaScript module
> COMMENT-ldap_auth= nginx LDAP authentication module
> COMMENT-lua= nginx lua scripting module
> COMMENT-headers_more= nginx module for setting/adding/clearing headers
> @@ -17,9 +18,10 @@ COMMENT-securelink= nginx HMAC secure li
>
> VERSION= 1.22.0
> DISTNAME= nginx-${VERSION}
> +REVISION= 0
> CATEGORIES= www
>
> -VERSION-rtmp= 1.2.1
> +VERSION-rtmp= 1.2.2
>
> PKGNAME-main= ${DISTNAME}
> PKGNAME-image_filter= nginx-image_filter-${VERSION}
> @@ -47,13 +49,14 @@ DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
>
> _GH_MODS= \
> openresty headers-more-nginx-module v0.33 \
> - openresty lua-nginx-module v0.10.11 \
> + openresty lua-nginx-module v0.10.21 \
> nbs-system naxsi 1.3 \
> kvspb nginx-auth-ldap 83c059b73566c2ee9cbda920d91b66657cf120b7 \
> arut nginx-rtmp-module v${VERSION-rtmp} \
> - simpl ngx_devel_kit v0.3.0 \
> leev ngx_http_geoip2_module 3.3 \
> - nginx-modules ngx_http_hmac_secure_link_module 48c4625fbbf51ed5a95bfec23fa444f6c3702e50
> + nginx-modules ngx_http_hmac_secure_link_module 8c5449202cd5afd8970f316bd6828d28281dc9bc \
> + nginx njs 0.7.4 \
> + vision5 ngx_devel_kit v0.3.1
>
> .for _a _p _c in ${_GH_MODS}
> DISTFILES+= ${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz:0
> @@ -68,9 +71,9 @@ PERMIT_PACKAGE= Yes
>
> MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES}
>
> -MODULE_PACKAGES = -image_filter -geoip2 -xslt -mailproxy -stream \
> - -passenger -headers_more -ldap_auth -lua -rtmp \
> - -securelink
> +MODULE_PACKAGES = -headers_more -geoip2 -image_filter \
> + -ldap_auth -lua -mailproxy -passenger \
> + -rtmp -securelink -stream -xslt
>
> FLAVOR ?=
> PSEUDO_FLAVORS = no_lua no_passenger
> @@ -93,6 +96,7 @@ WANTLIB-headers_more=
> WANTLIB-perl= c m perl
> WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
> WANTLIB-securelink= crypto
> +WANTLIB-njs=
>
> LIB_DEPENDS-main= devel/pcre
> LIB_DEPENDS-xslt= textproc/libxml \
> @@ -194,7 +198,7 @@ NO_TEST= Yes
> ALL_TARGET=
>
> pre-patch:
> -.for i in headers-more-nginx-module lua-nginx-module naxsi \
> +.for i in headers-more-nginx-module lua-nginx-module naxsi njs \
> nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module \
> ngx_http_hmac_secure_link_module
> cd ${WRKSRC} && mv ../$i-* $i
> Index: distinfo
> ===================================================================
> RCS file: /home/cvs/ports/www/nginx/distinfo,v
> retrieving revision 1.79
> diff -u -p -r1.79 distinfo
> --- distinfo 30 May 2022 08:17:34 -0000 1.79
> +++ distinfo 3 Jun 2022 10:04:28 -0000
> @@ -1,20 +1,22 @@
> SHA256 (headers-more-nginx-module-v0.33.tar.gz) = o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78=
> -SHA256 (lua-nginx-module-v0.10.11.tar.gz) = wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
> +SHA256 (lua-nginx-module-v0.10.21.tar.gz) = nbdWAAV4767LQ76k/Gz2MaqoCYjYb/5dOv65kniV/60=
> SHA256 (naxsi-1.3.tar.gz) = Q5yGdzctJZe0Ngu8wQvIZJDeH8dWlbGTrV3xVKIU1ig=
> SHA256 (nginx-1.20.1-chroot.patch) = SS1TB0j8N4/dn5pUTGT6WvkN3aAUuKz5+R0Nt+MG0gk=
> SHA256 (nginx-1.22.0.tar.gz) = sz1Wmm8RoBQzpXzhfoOTXpU61Nx3zdTUD4lsiKwm61M=
> SHA256 (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = aQxOW9sq4ZsP7nXNNW0YATRo20cmFrYJeloLvjRshGQ=
> -SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) = h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc=
> -SHA256 (ngx_devel_kit-v0.3.0.tar.gz) = iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
> +SHA256 (nginx-rtmp-module-v1.2.2.tar.gz) = B/Gbe//sXjV7uIIMY+UoHevUX1oubUaxY22SAsPgnXg=
> +SHA256 (ngx_devel_kit-v0.3.1.tar.gz) = DpcRBeIQ0nKkl1Z/ouLCVvTjm4RaW6gNNz4muhq/vYU=
> SHA256 (ngx_http_geoip2_module-3.3.tar.gz) = QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc=
> -SHA256 (ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
> +SHA256 (ngx_http_hmac_secure_link_module-8c5449202cd5afd8970f316bd6828d28281dc9bc.tar.gz) = 4flk02zJ1fWoocHBmIwLTPPjq8mdxHyvsg9pr+Siw68=
> +SHA256 (njs-0.7.4.tar.gz) = xHS1rfax6HVxALvvNeHcQDGD+NnA9Qv6sBcnt3d9ciU=
> SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130
> -SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653
> +SIZE (lua-nginx-module-v0.10.21.tar.gz) = 690938
> SIZE (naxsi-1.3.tar.gz) = 235626
> SIZE (nginx-1.20.1-chroot.patch) = 8783
> SIZE (nginx-1.22.0.tar.gz) = 1073322
> SIZE (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = 18542
> -SIZE (nginx-rtmp-module-v1.2.1.tar.gz) = 519919
> -SIZE (ngx_devel_kit-v0.3.0.tar.gz) = 66455
> +SIZE (nginx-rtmp-module-v1.2.2.tar.gz) = 519934
> +SIZE (ngx_devel_kit-v0.3.1.tar.gz) = 66542
> SIZE (ngx_http_geoip2_module-3.3.tar.gz) = 8509
> -SIZE (ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz) = 6159
> +SIZE (ngx_http_hmac_secure_link_module-8c5449202cd5afd8970f316bd6828d28281dc9bc.tar.gz) = 6380
> +SIZE (njs-0.7.4.tar.gz) = 589203
> Index: patches/patch-lua-nginx-module_src_ngx_http_lua_ssl_certby_c
> ===================================================================
> RCS file: patches/patch-lua-nginx-module_src_ngx_http_lua_ssl_certby_c
> diff -N patches/patch-lua-nginx-module_src_ngx_http_lua_ssl_certby_c
> --- patches/patch-lua-nginx-module_src_ngx_http_lua_ssl_certby_c 11 Mar 2022 20:10:10 -0000 1.2
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,34 +0,0 @@
> -Use SSL_version() instead of TLS1_get_version().
> -https://github.com/openresty/lua-nginx-module/commit/bb76eb123b4a80324e527062d71fe9d3f4c86d25
> -
> -Index: lua-nginx-module/src/ngx_http_lua_ssl_certby.c
> ---- lua-nginx-module/src/ngx_http_lua_ssl_certby.c.orig
> -+++ lua-nginx-module/src/ngx_http_lua_ssl_certby.c
> -@@ -549,13 +549,6 @@ ngx_http_lua_ssl_cert_by_chunk(lua_State *L, ngx_http_
> - int
> - ngx_http_lua_ffi_ssl_get_tls1_version(ngx_http_request_t *r, char **err)
> - {
> --#ifndef TLS1_get_version
> --
> -- *err = "no TLS1 support";
> -- return NGX_ERROR;
> --
> --#else
> --
> - ngx_ssl_conn_t *ssl_conn;
> -
> - if (r->connection == NULL || r->connection->ssl == NULL) {
> -@@ -569,11 +562,9 @@ ngx_http_lua_ffi_ssl_get_tls1_version(ngx_http_request
> - return NGX_ERROR;
> - }
> -
> -- dd("tls1 ver: %d", (int) TLS1_get_version(ssl_conn));
> -+ dd("tls1 ver: %d", SSL_version(ssl_conn));
> -
> -- return (int) TLS1_get_version(ssl_conn);
> --
> --