summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Ruppert <idl0r@gentoo.org>2021-08-17 19:25:20 +0200
committerChristian Ruppert <idl0r@gentoo.org>2021-08-17 19:25:43 +0200
commit4480d663b359331427fd128cf7ff91289f154ea7 (patch)
treea85636ba8743467937be81e9715bc6ddcee4176f /net-proxy/haproxy/haproxy-2.2.16.ebuild
parentsys-kernel/dracut: fix usr mount regression (diff)
downloadgentoo-4480d663b359331427fd128cf7ff91289f154ea7.tar.gz
gentoo-4480d663b359331427fd128cf7ff91289f154ea7.tar.bz2
gentoo-4480d663b359331427fd128cf7ff91289f154ea7.zip
net-proxy/haproxy: Security bumps
https://www.mail-archive.com/haproxy@formilux.org/msg41041.html Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Christian Ruppert <idl0r@gentoo.org>
Diffstat (limited to 'net-proxy/haproxy/haproxy-2.2.16.ebuild')
-rw-r--r--net-proxy/haproxy/haproxy-2.2.16.ebuild186
1 files changed, 186 insertions, 0 deletions
diff --git a/net-proxy/haproxy/haproxy-2.2.16.ebuild b/net-proxy/haproxy/haproxy-2.2.16.ebuild
new file mode 100644
index 000000000000..894bf001b81c
--- /dev/null
+++ b/net-proxy/haproxy/haproxy-2.2.16.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+LUA_COMPAT=( lua5-3 )
+
+[[ ${PV} == *9999 ]] && SCM="git-r3"
+inherit toolchain-funcs flag-o-matic lua-single systemd linux-info ${SCM}
+
+MY_P="${PN}-${PV/_beta/-dev}"
+
+DESCRIPTION="A TCP/HTTP reverse proxy for high availability environments"
+HOMEPAGE="http://www.haproxy.org"
+if [[ ${PV} != *9999 ]]; then
+ SRC_URI="http://haproxy.1wt.eu/download/$(ver_cut 1-2)/src/${MY_P}.tar.gz"
+ KEYWORDS="~amd64 ~arm ~ppc ~x86"
+else
+ EGIT_REPO_URI="http://git.haproxy.org/git/haproxy-$(ver_cut 1-2).git/"
+ EGIT_BRANCH=master
+fi
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0/$(ver_cut 1-2)"
+IUSE="+crypt doc examples slz +net_ns +pcre pcre-jit pcre2 pcre2-jit prometheus-exporter
+ssl systemd +threads tools vim-syntax +zlib lua device-atlas 51degrees wurfl"
+REQUIRED_USE="pcre-jit? ( pcre )
+ pcre2-jit? ( pcre2 )
+ pcre? ( !pcre2 )
+ lua? ( ${LUA_REQUIRED_USE} )
+ device-atlas? ( pcre )
+ ?? ( slz zlib )"
+
+BDEPEND="virtual/pkgconfig"
+DEPEND="
+ crypt? ( virtual/libcrypt:= )
+ pcre? (
+ dev-libs/libpcre
+ pcre-jit? ( dev-libs/libpcre[jit] )
+ )
+ pcre2? (
+ dev-libs/libpcre2:=
+ pcre2-jit? ( dev-libs/libpcre2:=[jit] )
+ )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+ slz? ( dev-libs/libslz:= )
+ systemd? ( sys-apps/systemd )
+ zlib? ( sys-libs/zlib )
+ lua? ( ${LUA_DEPS} )
+ device-atlas? ( dev-libs/device-atlas-api-c )"
+RDEPEND="${DEPEND}
+ acct-group/haproxy
+ acct-user/haproxy"
+
+S="${WORKDIR}/${MY_P}"
+
+DOCS=( CHANGELOG CONTRIBUTING MAINTAINERS README )
+CONTRIBS=( halog iprange )
+# ip6range is present in 1.6, but broken.
+ver_test ${PV} -ge 1.7.0 && CONTRIBS+=( ip6range spoa_example tcploop )
+# TODO: mod_defender - requires apache / APR, modsecurity - the same
+ver_test ${PV} -ge 1.8.0 && CONTRIBS+=( hpack )
+
+haproxy_use() {
+ (( $# != 2 )) && die "${FUNCNAME} <USE flag> <make option>"
+
+ usex "${1}" "USE_${2}=1" "USE_${2}="
+}
+
+pkg_setup() {
+ use lua && lua-single_pkg_setup
+ if use net_ns; then
+ CONFIG_CHECK="~NET_NS"
+ linux-info_pkg_setup
+ fi
+}
+
+src_compile() {
+ local -a args=(
+ V=1
+ TARGET=linux-glibc
+ )
+
+ # TODO: PCRE2_WIDTH?
+ args+=( $(haproxy_use threads THREAD) )
+ args+=( $(haproxy_use crypt LIBCRYPT) )
+ args+=( $(haproxy_use net_ns NS) )
+ args+=( $(haproxy_use pcre PCRE) )
+ args+=( $(haproxy_use pcre-jit PCRE_JIT) )
+ args+=( $(haproxy_use pcre2 PCRE2) )
+ args+=( $(haproxy_use pcre2-jit PCRE2_JIT) )
+ args+=( $(haproxy_use ssl OPENSSL) )
+ args+=( $(haproxy_use slz SLZ) )
+ args+=( $(haproxy_use zlib ZLIB) )
+ args+=( $(haproxy_use lua LUA) )
+ args+=( $(haproxy_use 51degrees 51DEGREES) )
+ args+=( $(haproxy_use device-atlas DEVICEATLAS) )
+ args+=( $(haproxy_use wurfl WURFL) )
+ args+=( $(haproxy_use systemd SYSTEMD) )
+
+ # For now, until the strict-aliasing breakage will be fixed
+ append-cflags -fno-strict-aliasing
+
+ # Bug #668002
+ if use ppc || use arm || use hppa; then
+ TARGET_LDFLAGS=-latomic
+ fi
+
+ if use prometheus-exporter; then
+ EXTRA_OBJS="contrib/prometheus-exporter/service-prometheus.o"
+ fi
+
+ # HAProxy really needs some of those "SPEC_CFLAGS", like -fno-strict-aliasing
+ emake CFLAGS="${CFLAGS} \$(SPEC_CFLAGS)" LDFLAGS="${LDFLAGS}" CC=$(tc-getCC) EXTRA_OBJS="${EXTRA_OBJS}" TARGET_LDFLAGS="${TARGET_LDFLAGS}" ${args[@]}
+ emake -C contrib/systemd SBINDIR=/usr/sbin
+
+ if use tools ; then
+ for contrib in ${CONTRIBS[@]} ; do
+ # Those two includes are a workaround for hpack Makefile missing those
+ emake -C contrib/${contrib} \
+ CFLAGS="${CFLAGS} -I../../include/ -I../../ebtree/" OPTIMIZE="${CFLAGS}" LDFLAGS="${LDFLAGS}" CC=$(tc-getCC) ${args[@]}
+ done
+ fi
+}
+
+src_install() {
+ dosbin haproxy
+ dosym ../sbin/haproxy /usr/bin/haproxy
+
+ newconfd "${FILESDIR}/${PN}.confd" ${PN}
+ newinitd "${FILESDIR}/${PN}.initd-r6" ${PN}
+
+ doman doc/haproxy.1
+
+ systemd_dounit contrib/systemd/haproxy.service
+
+ einstalldocs
+
+ # The errorfiles are used by upstream defaults.
+ insinto /etc/haproxy/errors/
+ doins examples/errorfiles/*
+
+ if use doc; then
+ dodoc ROADMAP doc/*.txt
+ #if use lua; then
+ # TODO: doc/lua-api/
+ #fi
+ fi
+
+ if use tools ; then
+ has halog "${CONTRIBS[@]}" && dobin contrib/halog/halog
+ has "iprange" "${CONTRIBS[@]}" && newbin contrib/iprange/iprange haproxy_iprange
+ has "ip6range" "${CONTRIBS[@]}" && newbin contrib/ip6range/ip6range haproxy_ip6range
+ has "spoa_example" "${CONTRIBS[@]}" && newbin contrib/spoa_example/spoa haproxy_spoa_example
+ has "spoa_example" "${CONTRIBS[@]}" && newdoc contrib/spoa_example/README README.spoa_example
+ has "tcploop" "${CONTRIBS[@]}" && newbin contrib/tcploop/tcploop haproxy_tcploop
+ has "hpack" "${CONTRIBS[@]}" && newbin contrib/hpack/gen-rht haproxy_hpack
+ fi
+
+ if use examples ; then
+ docinto examples
+ dodoc examples/*.cfg
+ dodoc doc/seamless_reload.txt
+ fi
+
+ if use vim-syntax ; then
+ insinto /usr/share/vim/vimfiles/syntax
+ doins contrib/syntax-highlight/haproxy.vim
+ fi
+}
+
+pkg_postinst() {
+ if [[ ! -f "${EROOT}/etc/haproxy/haproxy.cfg" ]] ; then
+ ewarn "You need to create /etc/haproxy/haproxy.cfg before you start the haproxy service."
+ ewarn "It's best practice to not run haproxy as root, user and group haproxy was therefore created."
+ ewarn "Make use of them with the \"user\" and \"group\" directives."
+
+ if [[ -d "${EROOT}/usr/share/doc/${PF}" ]]; then
+ einfo "Please consult the installed documentation for learning the configuration file's syntax."
+ einfo "The documentation and sample configuration files are installed here:"
+ einfo " ${EROOT}/usr/share/doc/${PF}"
+ fi
+ fi
+}