[arch-commits] Commit in pound/repos/community-x86_64 (7 files)
David Runge
dvzrv at archlinux.org
Fri Nov 6 14:47:16 UTC 2020
Date: Friday, November 6, 2020 @ 14:47:16
Author: dvzrv
Revision: 744355
archrelease: copy trunk to community-x86_64
Added:
pound/repos/community-x86_64/PKGBUILD
(from rev 744354, pound/trunk/PKGBUILD)
pound/repos/community-x86_64/pound-3.0-runtime_dir.patch
(from rev 744354, pound/trunk/pound-3.0-runtime_dir.patch)
pound/repos/community-x86_64/pound.service
(from rev 744354, pound/trunk/pound.service)
pound/repos/community-x86_64/pound.yaml
(from rev 744354, pound/trunk/pound.yaml)
Deleted:
pound/repos/community-x86_64/PKGBUILD
pound/repos/community-x86_64/pound.cfg
pound/repos/community-x86_64/pound.service
-----------------------------+
PKGBUILD | 137 ++++++++++++++++++-----------------
pound-3.0-runtime_dir.patch | 66 +++++++++++++++++
pound.cfg | 85 ----------------------
pound.service | 56 +++++++++-----
pound.yaml | 161 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 334 insertions(+), 171 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-06 14:46:59 UTC (rev 744354)
+++ PKGBUILD 2020-11-06 14:47:16 UTC (rev 744355)
@@ -1,67 +0,0 @@
-# Maintainer: David Runge <dvzrv at archlinux.org>
-# Contributor: Sergej Pupykin <pupykin.s+arch at gmail.com>
-# Contributor: Douglas Soares de Andrade <dsa at aur.archlinux.org>
-# Contributor: Roberto Alsina <ralsina at kde.org>
-
-_name=Pound
-pkgname=pound
-pkgver=2.8
-pkgrel=3
-pkgdesc="A reverse proxy, load balancer, and SSL wrapper"
-arch=('x86_64')
-url="http://www.apsis.ch/pound/index_html"
-license=('GPL3')
-depends=('gcc-libs' 'glibc' 'pcre' 'openssl-1.0')
-makedepends=('gperftools')
-backup=('etc/pound/pound.cfg')
-# switch to https://github.com/graygnuorg/pound for openssl
-source=("http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.tgz"
- "${_name}-${pkgver}.tgz.asc::http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.asc"
- "${pkgname}.service"
- "${pkgname}.cfg")
-sha512sums=('cf0b865b17d3628e273626e07733f1320e4768702c0f64c8ef0f78d46667f770b223bdc7dca88016a95e5ebd23ae646f95a9b2f4a54a5a80001a10047f07eacc'
- 'SKIP'
- 'c4b47825e3f394db9e8e784f6342d7912081c7de94638e51d27c6a7de0b13fd9665f5540412c8ddaf3157040f9b83d234e01d93ad3a61be45955aaf3afc6f543'
- '32d33474a115dfc9d5ccc094ffdb3c367108a48976cf3e58442642dab08167cd0a1808eefa1879e3c38b607d2a6a1cd28142dbd690244368760daba1f95526f6')
-b2sums=('2e4526fb78bb8bf1206a60318fef23925f2eb3b2d72c56895e6cc839e944ad8a58820be8c6c54ff2f12cd8e34ee8500dc8f7555c968fe4cd42ae7cc51ef6feec'
- 'SKIP'
- '41fade7a7dc90d4de479b95748f272be4d4ed1e0226539b1dacb20caeef20b30f66b62afc401b4e5fb43b9cbfe107d22dad88a772469f4963ecb564357cd4f2a'
- '1dc6854854fcc1e0ce32249f6dbfe89b9ccb5ebe614bc700252090a1bb1e072d763859f42bdc1e3a8aa5ddded271cecb5d4c82ef0a90ed98c113ca019cbb255b')
-validpgpkeys=('8BB562A0F1DB703FB7EB1E95AB72C62A8691DD02') # Robert Segall <roseg at apsis.ch>
-
-prepare() {
- mv -v "${_name}-${pkgver}" "${pkgname}-${pkgver}"
- cd "${pkgname}-${pkgver}"
- # use openssl-1.0 to generate dhparam
- sed -e 's/openssl/openssl-1.0/' -i Makefile.in
-}
-
-build() {
- cd "${pkgname}-${pkgver}"
- # use openssl-1.0
- CPPFLAGS+=" -I/usr/include/openssl-1.0" \
- LDFLAGS+=" -L/usr/lib/openssl-1.0" \
- ./configure --prefix=/usr \
- --sysconfdir=/etc/pound \
- --bindir=/usr/bin \
- --sbindir=/usr/bin \
- --with-ssl='/usr/lib/openssl-1.0' \
- --with-owner=root \
- --with-group=root
- make
-}
-
-package() {
- depends+=('libtcmalloc.so')
- cd "${pkgname}-${pkgver}"
- make DESTDIR="$pkgdir" install
- # configuration
- install -vDm 644 "${srcdir}/${pkgname}.cfg" \
- "${pkgdir}/etc/${pkgname}/${pkgname}.cfg"
- # systemd service
- install -vDm 644 "$srcdir/${pkgname}.service" \
- "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
- # docs
- install -vDm 644 {CHANGELOG,FAQ,README} \
- -t "${pkgdir}/usr/share/doc/${pkgname}/"
-}
Copied: pound/repos/community-x86_64/PKGBUILD (from rev 744354, pound/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-11-06 14:47:16 UTC (rev 744355)
@@ -0,0 +1,70 @@
+# Maintainer: David Runge <dvzrv at archlinux.org>
+# Contributor: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Contributor: Douglas Soares de Andrade <dsa at aur.archlinux.org>
+# Contributor: Roberto Alsina <ralsina at kde.org>
+
+_name=Pound
+pkgname=pound
+pkgver=3.0
+pkgrel=1
+pkgdesc="A reverse proxy, load balancer, and SSL wrapper"
+arch=('x86_64')
+url="https://www.apsis.ch/pound.html"
+license=('GPL3')
+depends=('gcc-libs' 'glibc' 'libyaml' 'nanomsg' 'pcre')
+makedepends=('cmake' 'gperftools' 'mbedtls' 'uthash')
+backup=("etc/${pkgname}/${pkgname}.yaml")
+source=("http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.tgz"
+ "${_name}-${pkgver}.tgz.asc::http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.asc"
+ "${pkgname}-3.0-runtime_dir.patch"
+ "${pkgname}.service"
+ "${pkgname}.yaml")
+sha512sums=('28426fa2d66efa310fce43fc57b87b6cd9d646573161ab880b139feec856710306002af623f023907bb77f8b37979cf2332dc3e16cde48c6d349d813c6ac47e2'
+ 'SKIP'
+ '25db5c13750c2770ae5a91d850f2f00e888474a05b2464c6f03ebe4dc628c86edf8df640daa96e9dcb7240de43537a731671376f20e0dfb599ef5fc2eaf6c053'
+ '887ebace94fb6974b34e096c3f9d85e7e45186f816f8a0b4218ffecf2bf041702bc5d40547ca5883691e1d5f959e28b8ce3aac0f12c877760c0e80d8319f57e9'
+ '329fb0064f9720cc41332894d3e96e098ffd789d13bcb3b35d67dd9f7b4c0667d1b4cf1d93df9427b4e867d5f0b5857be412ae8d34abed5aa3c2774a499b3292')
+b2sums=('8834d2d57c81bf792d803bc2aef7ad5d17243539ea3fddab777ab3dbd7f903a2f771762ee8d4818c63b7c6380c253dc7c7465e10225f884c2bb968af3dfab831'
+ 'SKIP'
+ 'eba66845b02eff8cea9353f1617f9fcbce040609ea22a1061d98a69c109fed1aaaf6fb338cde1c969153df383def7ae5e3231f281140d32702acfb8c628fa0e4'
+ '886e7218d0098f86edfde32b0d8ccdf47f7a8d6a3417144bbd9279cac14d51065fe72b312844ff6a24be6d16183a3b4a44b0d012c1d08808d07ea96d660ff69f'
+ 'a7ebb7714abf8bc7c2c0f627f6fdcc226a293277a98455bd52340536754ef3a5aef75340b8535402c78a9a754f78d4793c1d7b0c15b0b8d393fd3760a6398858')
+validpgpkeys=('8BB562A0F1DB703FB7EB1E95AB72C62A8691DD02') # Robert Segall <roseg at apsis.ch>
+
+prepare() {
+ mv -v "${_name}-${pkgver}" "${pkgname}-${pkgver}"
+ cd "${pkgname}-${pkgver}"
+ # set runtime dir to /run/pound
+ patch -Np1 -i "../${pkgname}-3.0-runtime_dir.patch"
+ # remove vendored uthash so we build with the packaged version
+ rm -v include/ut{hash,array}.h
+}
+
+build() {
+ cd "${pkgname}-${pkgver}"
+ cmake -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_BUILD_TYPE='None' \
+ -Wno-dev \
+ -B build \
+ -S .
+ make VERBOSE=1 -C build
+}
+
+package() {
+ depends+=('libmbedtls.so' 'libmbedcrypto.so' 'libmbedx509.so'
+ 'libtcmalloc.so')
+
+ cd "${pkgname}-${pkgver}"
+ # cmake setup has no install target :(
+ install -vDm 755 build/"${pkgname}" -t "${pkgdir}/usr/bin/"
+ # configuration
+ install -vDm 644 "../${pkgname}.yaml" -t "${pkgdir}/etc/${pkgname}/"
+ # systemd service
+ install -vDm 644 "../${pkgname}.service" \
+ -t "${pkgdir}/usr/lib/systemd/system/"
+ # man page
+ install -vDm 644 man/${pkgname}.8 -t "${pkgdir}/usr/share/man/man8/"
+ # docs
+ install -vDm 644 README.md \
+ -t "${pkgdir}/usr/share/doc/${pkgname}/"
+}
Copied: pound/repos/community-x86_64/pound-3.0-runtime_dir.patch (from rev 744354, pound/trunk/pound-3.0-runtime_dir.patch)
===================================================================
--- pound-3.0-runtime_dir.patch (rev 0)
+++ pound-3.0-runtime_dir.patch 2020-11-06 14:47:16 UTC (rev 744355)
@@ -0,0 +1,66 @@
+diff -ruN a/include/pound.h.in b/include/pound.h.in
+--- a/include/pound.h.in 2020-11-03 11:53:10.000000000 +0100
++++ b/include/pound.h.in 2020-11-06 11:27:38.356394898 +0100
+@@ -103,7 +103,7 @@
+ #include "hpack.h"
+
+ #define F_CONF "/etc/pound/pound.yaml"
+-#define F_PID "/var/run/pound.pid"
++#define F_PID "/run/pound/pound.pid"
+
+ #ifndef NI_MAXHOST
+ #define NI_MAXHOST 1025
+@@ -203,4 +203,4 @@
+ extern void *thr_http(void *);
+
+ /* http2.c */
+-extern void do_http2(HTTP_LISTENER *, FILE *, char *, char *, int);
+\ No newline at end of file
++extern void do_http2(HTTP_LISTENER *, FILE *, char *, char *, int);
+diff -ruN a/man/pound.8 b/man/pound.8
+--- a/man/pound.8 2020-11-03 11:53:10.000000000 +0100
++++ b/man/pound.8 2020-11-06 11:28:20.249080056 +0100
+@@ -131,7 +131,7 @@
+ will write its own pid into this file. Normally this is used for shell
+ scripts that control starting and stopping of the daemon.
+ Default:
+-.I /var/run/pound.pid
++.I /run/pound/pound.pid
+ .PP
+ One (or more) copies of
+ .B Pound
+@@ -481,7 +481,7 @@
+ .RE
+ .SH FILES
+ .TP
+-\fI/var/run/pound.pid\fR
++\fI/run/pound/pound.pid\fR
+ this is where
+ .B Pound
+ will attempt to record its process id.
+@@ -496,4 +496,4 @@
+ Copyright \(co 2002-2020 Apsis GmbH.
+ .br
+ This is free software; see the source for copying conditions. There is NO
+-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+\ No newline at end of file
++warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+diff -ruN a/src/config.c b/src/config.c
+--- a/src/config.c 2020-11-03 11:53:10.000000000 +0100
++++ b/src/config.c 2020-11-06 11:28:00.302721953 +0100
+@@ -612,7 +612,7 @@
+
+ memset(&global, '\0', sizeof(global));
+ opterr = 0;
+- global.pid = "/var/run/pound.pid";
++ global.pid = "/run/pound/pound.pid";
+ global.log_level = 0;
+ while((c_opt = getopt(argc, argv, "f:cvd:p:")) > 0)
+ switch(c_opt) {
+@@ -710,4 +710,4 @@
+ if(o_check)
+ exit(0);
+ return;
+-}
+\ No newline at end of file
++}
Deleted: pound.cfg
===================================================================
--- pound.cfg 2020-11-06 14:46:59 UTC (rev 744354)
+++ pound.cfg 2020-11-06 14:47:16 UTC (rev 744355)
@@ -1,85 +0,0 @@
-###############################################################################
-## Pound configration file
-###############################################################################
-##
-##
-## GLOBAL SETTINGS
-##
-## Specify the user and group Pound will run as.
-#User "pound"
-#Group "pound"
-##
-## Specify the directory that Pound will chroot to at runtime.
-#RootJail "/"
-##
-## Have Pound run in the foreground (if 0) or as a daemon (if 1).
-#Daemon 1
-##
-## Specify the log facility to use.
-#LogFacility daemon
-##
-## Specify the logging level.
-#LogLevel 1
-##
-## Ignore case when matching URLs.
-#IgnoreCase 0
-##
-## Enable or disable the dynamic rescaling code.
-#DynScale 0
-##
-## Specify how often Pound will check for resurected back-end hosts.
-#Alive 30
-##
-## Specify for how long Pound will wait for a client request.
-#Client 10
-##
-## How long should Pound wait for a response from the back-end.
-#TimeOut 15
-##
-## How long should Pound wait for a connection to the back-end.
-#ConnTO 15
-##
-## How long should Pound continue to answer interrupted connections.
-#Grace 30
-##
-## Use an OpenSSL hardware acceleration card.
-#SSLEngine "name"
-##
-## Set the control socket path.
-Control "/run/pound/poundctl.socket"
-##
-##
-## LISTENERS
-##
-## Configure services and backends for the HTTP reverse proxy.
-#ListenHTTP
-# Address 10.0.0.1
-# Port 80
-# Service
-# BackEnd
-# Address 127.0.0.1
-# Port 8080
-# End
-# BackEnd
-# Address 127.0.0.1
-# Port 8081
-# End
-# End
-#End
-##
-## Configure services and backends for the HTTPS reverse proxy.
-#ListenHTTPS
-# Address 10.0.0.1
-# Port 443
-# Cert "/etc/ssl/certs/pound.pem"
-# Service
-# BackEnd
-# Address 127.0.0.1
-# Port 8080
-# End
-# BackEnd
-# Address 127.0.0.1
-# Port 8081
-# End
-# End
-#End
Deleted: pound.service
===================================================================
--- pound.service 2020-11-06 14:46:59 UTC (rev 744354)
+++ pound.service 2020-11-06 14:47:16 UTC (rev 744355)
@@ -1,19 +0,0 @@
-[Unit]
-Description=A reverse proxy, load balancer, and SSL wrapper
-Documentation=man:pound(8)
-After=syslog.target network-online.target systemd-sysusers.service
-Wants=network-online.target
-
-[Service]
-Type=forking
-DynamicUser=yes
-RuntimeDirectory=pound
-ExecStart=/usr/bin/pound -f /etc/pound/pound.cfg -p /run/pound/pound.pid
-PIDFile=/run/pound/pound.pid
-ProtectControlGroups=yes
-ProtectKernelModules=yes
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target
Copied: pound/repos/community-x86_64/pound.service (from rev 744354, pound/trunk/pound.service)
===================================================================
--- pound.service (rev 0)
+++ pound.service 2020-11-06 14:47:16 UTC (rev 744355)
@@ -0,0 +1,37 @@
+[Unit]
+Description=A reverse proxy, load balancer, and SSL wrapper
+Documentation=man:pound(8)
+After=syslog.target network-online.target systemd-sysusers.service
+Wants=network-online.target
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+DeviceAllow=
+DynamicUser=yes
+ExecStart=/usr/bin/pound
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+PIDFile=/run/pound/pound.pid
+PrivateDevices=yes
+PrivateTmp=true
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RuntimeDirectory=pound
+StateDirectory=pound
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources @privileged
+Type=forking
+UMask=177
+
+[Install]
+WantedBy=multi-user.target
Copied: pound/repos/community-x86_64/pound.yaml (from rev 744354, pound/trunk/pound.yaml)
===================================================================
--- pound.yaml (rev 0)
+++ pound.yaml 2020-11-06 14:47:16 UTC (rev 744355)
@@ -0,0 +1,161 @@
+---
+# Pound configuration file. See man 8 pound for further examples.
+#
+# Global Directives
+#
+# Specify the user Pound will run as (must be defined in /etc/passwd).
+# User: "pound"
+
+# Specify the group Pound will run as (must be defined in /etc/group).
+# Group: "pound"
+
+# Specify the directory that Pound will chroot to at runtime. Please note that
+# SSL may require access to /dev/urandom, so make sure you create a device by
+# that name, accessible from the root jail directory. Pound may also require
+# access to /dev/syslog or similar.
+# RootJail: "/"
+
+# Specify a path to an HTML file to be returned in case of a 404 error.
+# Err404: "/path/to/file"
+
+# Specify a path to an HTML file to be returned in case of a 405 error.
+# Err405: "/path/to/file"
+
+# Specify a path to an HTML file to be returned in case of a 500 error.
+# Err500: "/path/to/file"
+
+# Backends
+#
+# A back-end is a definition of a single back-end server Pound will use to
+# reply to incoming requests. Each backend must be marked with an anchor (&).
+Backends:
+ - &default_backend
+ # The address that Pound will connect to. This can be a numeric IP address,
+ # or a symbolic host name that must be resolvable at run-time. This is a
+ # mandatory parameter.
+ Address: localhost
+
+ # The port number that Pound will connect to. This is a mandatory parameter.
+ Port: 8080
+
+ # How long to wait for a backend (server) to complete and operation.
+ # Default: 15 (seconds).
+ Timeout:
+
+ # How many threads will be used to service requests to this backend. See
+ # also below for remarks on performance tuning. Default: 8 (threads).
+ Threads:
+
+ # A header to add to each reply received from this backend. The header is a
+ # string.
+ # HeadAdd:
+
+# HTTPListeners
+#
+# An HTTP listener defines an address and port that Pound will listen on for
+# HTTP requests.
+HTTPListeners:
+ -
+ # The address that Pound will listen on. This can be a numeric IP address,
+ # or a symbolic host name that must be resolvable at run-time. This is a
+ # mandatory parameter. The address 0.0.0.0 may be used as an alias for 'all
+ # available addresses on this machine', but this practice is strongly
+ # discouraged.
+ Address: localhost
+
+ # The port number that Pound will listen on. This is a mandatory parameter.
+ Port: 80
+
+ # Define how long Pound will wait for client activity. Default: 5 (seconds).
+ Client:
+
+ # Define how many threads Pound will use to service client requests.
+ # Default: 8 (threads).
+ Threads:
+
+ # This defines a service. This service will be used only by this listener.
+ Services:
+
+ -
+ # The service will only be used if the request URL matches the given
+ # pattern.
+ URL:
+
+ # Use the service only if any of the request headers matches the given
+ # pattern.
+ HeadRequire:
+
+ # Use the service only if none of the request headers matches the given
+ # pattern.
+ HeadDeny:
+
+ # How long to keep the client sessions (in seconds). Sessions are a
+ # long term association between a client IP address and a specific
+ # backend in this service. A value of 0 seconds means no sessions are
+ # kept. Default: 0.
+ Session:
+
+ # A list of references to previously defined backends.
+ BackEnds:
+ - *default_backend
+
+# HTTPSListeners
+#
+# An HTTP listener defines an address and port that Pound will listen on for
+# HTTP requests.
+HTTPSListeners:
+ # -
+ # The address that Pound will listen on. This can be a numeric IP address,
+ # or a symbolic host name that must be resolvable at run-time. This is a
+ # mandatory parameter. The address 0.0.0.0 may be used as an alias for 'all
+ # available addresses on this machine', but this practice is strongly
+ # discouraged.
+ # Address: localhost
+
+ # The port number that Pound will listen on. This is a mandatory parameter.
+ # Port: 443
+
+ # Define how long Pound will wait for client activity. Default: 5 (seconds).
+ # Client:
+
+ # Define how many threads Pound will use to service client requests.
+ # Default: 8 (threads).
+ # Threads:
+
+ # A file name or a list of file names. Each file must contain a certificate,
+ # optionally additional chained certificates up to a known certificate
+ # authority, and the private key corresponding to the certificate.
+ # Note: the private key should probably not be password-protected, as Pound
+ # normally starts as a daemon and cannot ask for the password at start-up
+ # time.
+ # Certificates:
+
+ # A list of acceptable cipher names for this listener. The negotiation with
+ # the client will result in one of these ciphers being used, or the
+ # hand-shake will fail.
+ # Ciphers:
+
+ # This defines a service. This service will be used only by this listener.
+ # Services:
+ # -
+ # The service will only be used if the request URL matches the given
+ # pattern.
+ # URL:
+
+ # Use the service only if any of the request headers matches the given
+ # pattern.
+ # HeadRequire:
+
+ # Use the service only if none of the request headers matches the given
+ # pattern.
+ # HeadDeny:
+
+ # How long to keep the client sessions (in seconds). Sessions are a
+ # long term association between a client IP address and a specific
+ # backend in this service. A value of 0 seconds means no sessions are
+ # kept. Default: 0.
+ # Session:
+
+ # A list of references to previously defined backends.
+ # BackEnds:
+ # - *default_backend
More information about the arch-commits
mailing list