[arch-commits] Commit in pound/repos (5 files)
David Runge
dvzrv at gemini.archlinux.org
Tue Dec 28 11:10:02 UTC 2021
Date: Tuesday, December 28, 2021 @ 11:10:02
Author: dvzrv
Revision: 1085528
archrelease: copy trunk to community-staging-x86_64
Added:
pound/repos/community-staging-x86_64/
pound/repos/community-staging-x86_64/PKGBUILD
(from rev 1085527, pound/trunk/PKGBUILD)
pound/repos/community-staging-x86_64/pound-3.0-runtime_dir.patch
(from rev 1085527, pound/trunk/pound-3.0-runtime_dir.patch)
pound/repos/community-staging-x86_64/pound.service
(from rev 1085527, pound/trunk/pound.service)
pound/repos/community-staging-x86_64/pound.yaml
(from rev 1085527, pound/trunk/pound.yaml)
-----------------------------+
PKGBUILD | 70 ++++++++++++++++++
pound-3.0-runtime_dir.patch | 66 +++++++++++++++++
pound.service | 37 +++++++++
pound.yaml | 161 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 334 insertions(+)
Copied: pound/repos/community-staging-x86_64/PKGBUILD (from rev 1085527, pound/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD (rev 0)
+++ community-staging-x86_64/PKGBUILD 2021-12-28 11:10:02 UTC (rev 1085528)
@@ -0,0 +1,70 @@
+# Maintainer: David Runge <dvzrv at archlinux.org>
+# Contributor: Sergej Pupykin <pupykin.s+arch at gmail.com>
+# Contributor: Douglas Soares de Andrade <dsa at aur.archlinux.org>
+# Contributor: Roberto Alsina <ralsina at kde.org>
+
+_name=Pound
+pkgname=pound
+pkgver=3.0.2
+pkgrel=2
+pkgdesc="A reverse proxy, load balancer, and SSL wrapper"
+arch=(x86_64)
+url="https://www.apsis.ch/pound.html"
+license=(GPL3)
+depends=(gcc-libs glibc libyaml nanomsg pcre2)
+makedepends=(cmake gperftools mbedtls uthash)
+backup=("etc/${pkgname}/${pkgname}.yaml")
+source=("http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.tgz"
+ "${_name}-${pkgver}.tgz.asc::http://www.apsis.ch/${pkgname}/${_name}-${pkgver}.asc"
+ "${pkgname}-3.0-runtime_dir.patch"
+ "${pkgname}.service"
+ "${pkgname}.yaml")
+sha512sums=('4c96a93df2b340049778ed7782377e521fbdd7b6ccaa157748b05941ac7a825b2688f37f3081a7e577b2fa1ec4f64d68a25d27af2210f59da5be0dc10d1391e9'
+ 'SKIP'
+ '25db5c13750c2770ae5a91d850f2f00e888474a05b2464c6f03ebe4dc628c86edf8df640daa96e9dcb7240de43537a731671376f20e0dfb599ef5fc2eaf6c053'
+ '887ebace94fb6974b34e096c3f9d85e7e45186f816f8a0b4218ffecf2bf041702bc5d40547ca5883691e1d5f959e28b8ce3aac0f12c877760c0e80d8319f57e9'
+ '329fb0064f9720cc41332894d3e96e098ffd789d13bcb3b35d67dd9f7b4c0667d1b4cf1d93df9427b4e867d5f0b5857be412ae8d34abed5aa3c2774a499b3292')
+b2sums=('0e3f2dc69771a1d1f3de00a721f02cdc4ff31f4d17ab81f64c368668f03c0c1f12484e2d40e7c1d2d203b033488f2bad57cafd8da5022dfe680a09cdc6b73bec'
+ 'SKIP'
+ 'eba66845b02eff8cea9353f1617f9fcbce040609ea22a1061d98a69c109fed1aaaf6fb338cde1c969153df383def7ae5e3231f281140d32702acfb8c628fa0e4'
+ '886e7218d0098f86edfde32b0d8ccdf47f7a8d6a3417144bbd9279cac14d51065fe72b312844ff6a24be6d16183a3b4a44b0d012c1d08808d07ea96d660ff69f'
+ 'a7ebb7714abf8bc7c2c0f627f6fdcc226a293277a98455bd52340536754ef3a5aef75340b8535402c78a9a754f78d4793c1d7b0c15b0b8d393fd3760a6398858')
+validpgpkeys=('8BB562A0F1DB703FB7EB1E95AB72C62A8691DD02') # Robert Segall <roseg at apsis.ch>
+
+prepare() {
+ mv -v "${_name}-${pkgver}" "${pkgname}-${pkgver}"
+ cd "${pkgname}-${pkgver}"
+ # set runtime dir to /run/pound
+ patch -Np1 -i "../${pkgname}-3.0-runtime_dir.patch"
+ # remove vendored uthash so we build with the packaged version
+ rm -v include/ut{hash,array}.h
+}
+
+build() {
+ cd "${pkgname}-${pkgver}"
+ cmake -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_BUILD_TYPE='None' \
+ -Wno-dev \
+ -B build \
+ -S .
+ make VERBOSE=1 -C build
+}
+
+package() {
+ depends+=(libmbedtls.so libmbedcrypto.so libmbedx509.so
+ libtcmalloc.so)
+
+ cd "${pkgname}-${pkgver}"
+ # cmake setup has no install target :(
+ install -vDm 755 build/"${pkgname}" -t "${pkgdir}/usr/bin/"
+ # configuration
+ install -vDm 644 "../${pkgname}.yaml" -t "${pkgdir}/etc/${pkgname}/"
+ # systemd service
+ install -vDm 644 "../${pkgname}.service" \
+ -t "${pkgdir}/usr/lib/systemd/system/"
+ # man page
+ install -vDm 644 man/${pkgname}.8 -t "${pkgdir}/usr/share/man/man8/"
+ # docs
+ install -vDm 644 README.md \
+ -t "${pkgdir}/usr/share/doc/${pkgname}/"
+}
Copied: pound/repos/community-staging-x86_64/pound-3.0-runtime_dir.patch (from rev 1085527, pound/trunk/pound-3.0-runtime_dir.patch)
===================================================================
--- community-staging-x86_64/pound-3.0-runtime_dir.patch (rev 0)
+++ community-staging-x86_64/pound-3.0-runtime_dir.patch 2021-12-28 11:10:02 UTC (rev 1085528)
@@ -0,0 +1,66 @@
+diff -ruN a/include/pound.h.in b/include/pound.h.in
+--- a/include/pound.h.in 2020-11-03 11:53:10.000000000 +0100
++++ b/include/pound.h.in 2020-11-06 11:27:38.356394898 +0100
+@@ -103,7 +103,7 @@
+ #include "hpack.h"
+
+ #define F_CONF "/etc/pound/pound.yaml"
+-#define F_PID "/var/run/pound.pid"
++#define F_PID "/run/pound/pound.pid"
+
+ #ifndef NI_MAXHOST
+ #define NI_MAXHOST 1025
+@@ -203,4 +203,4 @@
+ extern void *thr_http(void *);
+
+ /* http2.c */
+-extern void do_http2(HTTP_LISTENER *, FILE *, char *, char *, int);
+\ No newline at end of file
++extern void do_http2(HTTP_LISTENER *, FILE *, char *, char *, int);
+diff -ruN a/man/pound.8 b/man/pound.8
+--- a/man/pound.8 2020-11-03 11:53:10.000000000 +0100
++++ b/man/pound.8 2020-11-06 11:28:20.249080056 +0100
+@@ -131,7 +131,7 @@
+ will write its own pid into this file. Normally this is used for shell
+ scripts that control starting and stopping of the daemon.
+ Default:
+-.I /var/run/pound.pid
++.I /run/pound/pound.pid
+ .PP
+ One (or more) copies of
+ .B Pound
+@@ -481,7 +481,7 @@
+ .RE
+ .SH FILES
+ .TP
+-\fI/var/run/pound.pid\fR
++\fI/run/pound/pound.pid\fR
+ this is where
+ .B Pound
+ will attempt to record its process id.
+@@ -496,4 +496,4 @@
+ Copyright \(co 2002-2020 Apsis GmbH.
+ .br
+ This is free software; see the source for copying conditions. There is NO
+-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+\ No newline at end of file
++warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+diff -ruN a/src/config.c b/src/config.c
+--- a/src/config.c 2020-11-03 11:53:10.000000000 +0100
++++ b/src/config.c 2020-11-06 11:28:00.302721953 +0100
+@@ -612,7 +612,7 @@
+
+ memset(&global, '\0', sizeof(global));
+ opterr = 0;
+- global.pid = "/var/run/pound.pid";
++ global.pid = "/run/pound/pound.pid";
+ global.log_level = 0;
+ while((c_opt = getopt(argc, argv, "f:cvd:p:")) > 0)
+ switch(c_opt) {
+@@ -710,4 +710,4 @@
+ if(o_check)
+ exit(0);
+ return;
+-}
+\ No newline at end of file
++}
Copied: pound/repos/community-staging-x86_64/pound.service (from rev 1085527, pound/trunk/pound.service)
===================================================================
--- community-staging-x86_64/pound.service (rev 0)
+++ community-staging-x86_64/pound.service 2021-12-28 11:10:02 UTC (rev 1085528)
@@ -0,0 +1,37 @@
+[Unit]
+Description=A reverse proxy, load balancer, and SSL wrapper
+Documentation=man:pound(8)
+After=syslog.target network-online.target systemd-sysusers.service
+Wants=network-online.target
+
+[Service]
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+DeviceAllow=
+DynamicUser=yes
+ExecStart=/usr/bin/pound
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+PIDFile=/run/pound/pound.pid
+PrivateDevices=yes
+PrivateTmp=true
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RuntimeDirectory=pound
+StateDirectory=pound
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources @privileged
+Type=forking
+UMask=177
+
+[Install]
+WantedBy=multi-user.target
Copied: pound/repos/community-staging-x86_64/pound.yaml (from rev 1085527, pound/trunk/pound.yaml)
===================================================================
--- community-staging-x86_64/pound.yaml (rev 0)
+++ community-staging-x86_64/pound.yaml 2021-12-28 11:10:02 UTC (rev 1085528)
@@ -0,0 +1,161 @@
+---
+# Pound configuration file. See man 8 pound for further examples.
+#
+# Global Directives
+#
+# Specify the user Pound will run as (must be defined in /etc/passwd).
+# User: "pound"
+
+# Specify the group Pound will run as (must be defined in /etc/group).
+# Group: "pound"
+
+# Specify the directory that Pound will chroot to at runtime. Please note that
+# SSL may require access to /dev/urandom, so make sure you create a device by
+# that name, accessible from the root jail directory. Pound may also require
+# access to /dev/syslog or similar.
+# RootJail: "/"
+
+# Specify a path to an HTML file to be returned in case of a 404 error.
+# Err404: "/path/to/file"
+
+# Specify a path to an HTML file to be returned in case of a 405 error.
+# Err405: "/path/to/file"
+
+# Specify a path to an HTML file to be returned in case of a 500 error.
+# Err500: "/path/to/file"
+
+# Backends
+#
+# A back-end is a definition of a single back-end server Pound will use to
+# reply to incoming requests. Each backend must be marked with an anchor (&).
+Backends:
+ - &default_backend
+ # The address that Pound will connect to. This can be a numeric IP address,
+ # or a symbolic host name that must be resolvable at run-time. This is a
+ # mandatory parameter.
+ Address: localhost
+
+ # The port number that Pound will connect to. This is a mandatory parameter.
+ Port: 8080
+
+ # How long to wait for a backend (server) to complete and operation.
+ # Default: 15 (seconds).
+ Timeout:
+
+ # How many threads will be used to service requests to this backend. See
+ # also below for remarks on performance tuning. Default: 8 (threads).
+ Threads:
+
+ # A header to add to each reply received from this backend. The header is a
+ # string.
+ # HeadAdd:
+
+# HTTPListeners
+#
+# An HTTP listener defines an address and port that Pound will listen on for
+# HTTP requests.
+HTTPListeners:
+ -
+ # The address that Pound will listen on. This can be a numeric IP address,
+ # or a symbolic host name that must be resolvable at run-time. This is a
+ # mandatory parameter. The address 0.0.0.0 may be used as an alias for 'all
+ # available addresses on this machine', but this practice is strongly
+ # discouraged.
+ Address: localhost
+
+ # The port number that Pound will listen on. This is a mandatory parameter.
+ Port: 80
+
+ # Define how long Pound will wait for client activity. Default: 5 (seconds).
+ Client:
+
+ # Define how many threads Pound will use to service client requests.
+ # Default: 8 (threads).
+ Threads:
+
+ # This defines a service. This service will be used only by this listener.
+ Services:
+
+ -
+ # The service will only be used if the request URL matches the given
+ # pattern.
+ URL:
+
+ # Use the service only if any of the request headers matches the given
+ # pattern.
+ HeadRequire:
+
+ # Use the service only if none of the request headers matches the given
+ # pattern.
+ HeadDeny:
+
+ # How long to keep the client sessions (in seconds). Sessions are a
+ # long term association between a client IP address and a specific
+ # backend in this service. A value of 0 seconds means no sessions are
+ # kept. Default: 0.
+ Session:
+
+ # A list of references to previously defined backends.
+ BackEnds:
+ - *default_backend
+
+# HTTPSListeners
+#
+# An HTTP listener defines an address and port that Pound will listen on for
+# HTTP requests.
+HTTPSListeners:
+ # -
+ # The address that Pound will listen on. This can be a numeric IP address,
+ # or a symbolic host name that must be resolvable at run-time. This is a
+ # mandatory parameter. The address 0.0.0.0 may be used as an alias for 'all
+ # available addresses on this machine', but this practice is strongly
+ # discouraged.
+ # Address: localhost
+
+ # The port number that Pound will listen on. This is a mandatory parameter.
+ # Port: 443
+
+ # Define how long Pound will wait for client activity. Default: 5 (seconds).
+ # Client:
+
+ # Define how many threads Pound will use to service client requests.
+ # Default: 8 (threads).
+ # Threads:
+
+ # A file name or a list of file names. Each file must contain a certificate,
+ # optionally additional chained certificates up to a known certificate
+ # authority, and the private key corresponding to the certificate.
+ # Note: the private key should probably not be password-protected, as Pound
+ # normally starts as a daemon and cannot ask for the password at start-up
+ # time.
+ # Certificates:
+
+ # A list of acceptable cipher names for this listener. The negotiation with
+ # the client will result in one of these ciphers being used, or the
+ # hand-shake will fail.
+ # Ciphers:
+
+ # This defines a service. This service will be used only by this listener.
+ # Services:
+ # -
+ # The service will only be used if the request URL matches the given
+ # pattern.
+ # URL:
+
+ # Use the service only if any of the request headers matches the given
+ # pattern.
+ # HeadRequire:
+
+ # Use the service only if none of the request headers matches the given
+ # pattern.
+ # HeadDeny:
+
+ # How long to keep the client sessions (in seconds). Sessions are a
+ # long term association between a client IP address and a specific
+ # backend in this service. A value of 0 seconds means no sessions are
+ # kept. Default: 0.
+ # Session:
+
+ # A list of references to previously defined backends.
+ # BackEnds:
+ # - *default_backend
More information about the arch-commits
mailing list