[gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
commit: 24f20ce718815bfd0a2db32f9fb116ec81a9e58c Author: Akinori Hattori gentoo org> AuthorDate: Sun Oct 22 13:38:38 2023 + Commit: Akinori Hattori gentoo org> CommitDate: Sun Oct 22 13:38:38 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24f20ce7 www-servers/h2o: fix CVE-2023-44487 Bug: https://bugs.gentoo.org/915567 Signed-off-by: Akinori Hattori gentoo.org> www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch | 225 + www-servers/h2o/h2o-2.2.6-r2.ebuild| 107 ++ 2 files changed, 332 insertions(+) diff --git a/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch b/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch new file mode 100644 index ..71a511ac9ed2 --- /dev/null +++ b/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch @@ -0,0 +1,225 @@ +https://github.com/h2o/h2o/pull/3293 + +From 770208bbe3955c47e005a1e8cb08266e4a8dfc9a Mon Sep 17 00:00:00 2001 +From: Remi Gacogne +Date: Tue, 10 Oct 2023 15:47:57 +0200 +Subject: [PATCH] [http2] delay processing requests upon observing suspicious + behavior + +Backport of 94fbc54b6c9309912fe3d53e7b63408bbe9a1b0d to v2.2.x +--- + include/h2o.h| 8 +++ + include/h2o/http2_internal.h | 8 +++ + lib/core/config.c| 1 + + lib/core/configurator.c | 9 + lib/core/context.c | 2 ++ + lib/http2/connection.c | 41 + 6 files changed, 65 insertions(+), 4 deletions(-) + +diff --git a/include/h2o.h b/include/h2o.h +index 57877bd12c..409cd5c21c 100644 +--- a/include/h2o.h b/include/h2o.h +@@ -378,6 +378,10 @@ struct st_h2o_globalconf_t { + * list of callbacks + */ + h2o_protocol_callbacks_t callbacks; ++/** ++ * milliseconds to delay processing requests when suspicious behavior is detected ++ */ ++uint64_t dos_delay; + } http2; + + struct { +@@ -590,6 +594,10 @@ struct st_h2o_context_t { + * timeout entry used for graceful shutdown + */ + h2o_timeout_entry_t _graceful_shutdown_timeout; ++/* ++ * dos timeout ++ */ ++h2o_timeout_t dos_delay_timeout; + struct { + /** + * counter for http2 errors internally emitted by h2o +diff --git a/include/h2o/http2_internal.h b/include/h2o/http2_internal.h +index 5cfc4d8204..b9cf400929 100644 +--- a/include/h2o/http2_internal.h b/include/h2o/http2_internal.h +@@ -179,6 +179,7 @@ struct st_h2o_http2_stream_t { + h2o_linklist_t link; + h2o_http2_scheduler_openref_t scheduler; + } _refs; ++unsigned reset_by_peer : 1; + h2o_send_state_t send_state; /* state of the ostream, only used in push mode */ + /* placed at last since it is large and has it's own ctor */ + h2o_req_t req; +@@ -232,6 +233,13 @@ struct st_h2o_http2_conn_t { + } _write; + h2o_cache_t *push_memo; + h2o_http2_casper_t *casper; ++/** ++ * DoS mitigation; the idea here is to delay processing requests when observing suspicious behavior ++ */ ++struct { ++h2o_timeout_entry_t process_delay; ++size_t reset_budget; /* RST_STREAM frames are considered suspicious when this value goes down to zero */ ++} dos_mitigation; + }; + + int h2o_http2_update_peer_settings(h2o_http2_settings_t *settings, const uint8_t *src, size_t len, const char **err_desc); +diff --git a/lib/core/config.c b/lib/core/config.c +index ce1d320183..08e43a6d30 100644 +--- a/lib/core/config.c b/lib/core/config.c +@@ -189,6 +189,7 @@ void h2o_config_init(h2o_globalconf_t *config) + config->http2.latency_optimization.min_rtt = 50; // milliseconds + config->http2.latency_optimization.max_additional_delay = 10; + config->http2.latency_optimization.max_cwnd = 65535; ++config->http2.dos_delay = 100; /* 100ms processing delay when observing suspicious behavior */ + config->http2.callbacks = H2O_HTTP2_CALLBACKS; + config->mimemap = h2o_mimemap_create(); + +diff --git a/lib/core/configurator.c b/lib/core/configurator.c +index 891770cc2d..4731ba2707 100644 +--- a/lib/core/configurator.c b/lib/core/configurator.c +@@ -531,6 +531,12 @@ static int on_config_http2_casper(h2o_configurator_command_t *cmd, h2o_configura + return 0; + } + ++ ++static int on_config_http2_dos_delay(h2o_configurator_command_t *cmd, h2o_configurator_context_t *ctx, yoml_t *node) ++{ ++return config_timeout(cmd, node, >globalconf->http2.dos_delay); ++} ++ + static int assert_is_mimetype(h2o_configurator_command_t *cmd, yoml_t *node) + { + if (node->type != YOML_TYPE_SCALAR) { +@@ -910,6 +916,9 @@ void h2o_configurator__init_core(h2o_globalconf_t *conf) + on_config_http2_push_preload); + h2o_configurator_define_command(>super, "http2-casper", H2O_CONFIGURATOR_FLAG_GLOBAL | H2O_CONFIGURATOR_FLAG_HOST, +
[gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
commit: cb0e78c9a028d19e02eb696e3a85090a73887f83 Author: Akinori Hattori gentoo org> AuthorDate: Sat Aug 6 00:43:01 2022 + Commit: Akinori Hattori gentoo org> CommitDate: Sat Aug 6 00:43:01 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb0e78c9 www-servers/h2o: update Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Akinori Hattori gentoo.org> www-servers/h2o/files/h2o-2.3-mruby.patch | 28 ++-- www-servers/h2o/h2o-.ebuild | 12 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/www-servers/h2o/files/h2o-2.3-mruby.patch b/www-servers/h2o/files/h2o-2.3-mruby.patch index 3db3ebae8806..4f64565a675a 100644 --- a/www-servers/h2o/files/h2o-2.3-mruby.patch +++ b/www-servers/h2o/files/h2o-2.3-mruby.patch @@ -1,6 +1,6 @@ --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -174,6 +174,19 @@ +@@ -237,6 +237,19 @@ SET(WSLAY_LIBRARIES -lwslay) ENDIF (NOT WSLAY_FOUND) @@ -20,31 +20,31 @@ IF (ZLIB_FOUND) INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS}) LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS}) -@@ -533,7 +546,7 @@ - ELSE () - SET(MRUBY_TOOLCHAIN "gcc") - ENDIF () --ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake -+ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake -v - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby) - LIST(APPEND STANDALONE_SOURCE_FILES - lib/handler/mruby.c -@@ -560,7 +573,7 @@ +@@ -743,7 +756,7 @@ + ADD_CUSTOM_TARGET(mruby + # deps/mruby/tasks/toolchains/clang.rake looks for CC, CXX and LD. + # There are no C++ files in deps/mruby, use the C compiler for linking. +-MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake ++MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake -v + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby + BYPRODUCTS "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a" + "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.2.0/.libs/libonigmo.a" +@@ -777,7 +790,7 @@ # note: the paths need to be determined before libmruby.flags.mak is generated TARGET_LINK_LIBRARIES(h2o "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a" -- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.2/.libs/libonigmo.a" +- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.2.0/.libs/libonigmo.a" +${ONIG_LIBRARIES} "m") ADD_DEPENDENCIES(h2o mruby) ENDIF (WITH_MRUBY) --- a/deps/mruby-onig-regexp/mrbgem.rake +++ b/deps/mruby-onig-regexp/mrbgem.rake -@@ -103,10 +103,8 @@ +@@ -108,10 +108,8 @@ if spec.respond_to? :search_package and spec.search_package 'onigmo' spec.cc.defines += ['HAVE_ONIGMO_H'] --spec.linker.libraries << 'onig' +-spec.linker.libraries << 'onigmo' elsif spec.respond_to? :search_package and spec.search_package 'oniguruma' spec.cc.defines += ['HAVE_ONIGURUMA_H'] -spec.linker.libraries << 'onig' diff --git a/www-servers/h2o/h2o-.ebuild b/www-servers/h2o/h2o-.ebuild index cd6fd817fc38..fc47d03e7abb 100644 --- a/www-servers/h2o/h2o-.ebuild +++ b/www-servers/h2o/h2o-.ebuild @@ -1,8 +1,7 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="8" -CMAKE_MAKEFILE_GENERATOR="emake" SSL_DEPS_SKIP=1 USE_RUBY="ruby26 ruby27" @@ -20,10 +19,14 @@ IUSE="libh2o +mruby" RDEPEND="acct-group/h2o acct-user/h2o dev-lang/perl + dev-libs/openssl:0= !sci-libs/libh2o + sys-libs/libcap sys-libs/zlib - libh2o? ( dev-libs/libuv ) - dev-libs/openssl:0=" + libh2o? ( + app-arch/brotli + dev-libs/libuv + )" DEPEND="${RDEPEND} mruby? ( ${RUBY_DEPS} @@ -66,6 +69,7 @@ src_prepare() { src_configure() { local mycmakeargs=( -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/${PN} +
[gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
commit: 56d9c51fe6a474950f04fe2597fc7d768c4c9d04 Author: Akinori Hattori gentoo org> AuthorDate: Wed Jul 4 13:56:33 2018 + Commit: Akinori Hattori gentoo org> CommitDate: Wed Jul 4 13:56:33 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56d9c51f www-servers/h2o: use system oniguruma Closes: https://bugs.gentoo.org/655462 Package-Manager: Portage-2.3.40, Repoman-2.3.9 www-servers/h2o/files/h2o-2.2-mruby.patch | 67 www-servers/h2o/files/h2o-2.3-mruby.patch | 73 +++ www-servers/h2o/h2o-2.2.4.ebuild | 15 +-- www-servers/h2o/h2o-.ebuild | 12 - 4 files changed, 162 insertions(+), 5 deletions(-) diff --git a/www-servers/h2o/files/h2o-2.2-mruby.patch b/www-servers/h2o/files/h2o-2.2-mruby.patch new file mode 100644 index 000..e542ba8b64d --- /dev/null +++ b/www-servers/h2o/files/h2o-2.2-mruby.patch @@ -0,0 +1,67 @@ +--- a/CMakeLists.txt b/CMakeLists.txt +@@ -157,6 +157,16 @@ + SET(WSLAY_LIBRARIES -lwslay) + ENDIF (NOT WSLAY_FOUND) + ++IF (PKG_CONFIG_FOUND) ++PKG_CHECK_MODULES(ONIG oniguruma) ++IF (ONIG_FOUND) ++LINK_DIRECTORIES(${ONIG_LIBRARY_DIRS}) ++ENDIF (ONIG_FOUND) ++ENDIF (PKG_CONFIG_FOUND) ++IF (NOT ONIG_FOUND AND WITH_RUBY) ++MESSAGE(FATAL_ERROR "Oniguruma not found") ++ENDIF (NOT ONIG_FOUND AND WITH_RUBY) ++ + IF (ZLIB_FOUND) + INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS}) + LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS}) +@@ -460,7 +470,7 @@ + ELSE () + SET(MRUBY_TOOLCHAIN "gcc") + ENDIF () +-ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake ++ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake -v + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby) + LIST(APPEND STANDALONE_SOURCE_FILES + lib/handler/mruby.c +@@ -491,7 +501,7 @@ + # note: the paths need to be determined before libmruby.flags.mak is generated + TARGET_LINK_LIBRARIES(h2o + "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a" +- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.1/.libs/libonigmo.a" ++${ONIG_LIBRARIES} + "m") + ADD_DEPENDENCIES(h2o mruby) + ENDIF (WITH_MRUBY) +--- a/deps/mruby-onig-regexp/mrbgem.rake b/deps/mruby-onig-regexp/mrbgem.rake +@@ -101,9 +101,7 @@ + cc.defines += ['HAVE_ONIGMO_H'] + end + +- if spec.respond_to? :search_package and spec.search_package 'onigmo' +-spec.cc.defines += ['HAVE_ONIGMO_H'] +- elsif spec.respond_to? :search_package and spec.search_package 'oniguruma' ++ if spec.respond_to? :search_package and spec.search_package 'oniguruma' + spec.cc.defines += ['HAVE_ONIGURUMA_H'] + elsif build.cc.respond_to? :search_header_path and build.cc.search_header_path 'oniguruma.h' + spec.linker.libraries << 'onig' +--- a/misc/mruby_config.rb b/misc/mruby_config.rb +@@ -15,13 +15,7 @@ + # use mrbgems + Dir.glob("../mruby-*/mrbgem.rake") do |x| + g = File.basename File.dirname x +-if g == 'mruby-onig-regexp' +- conf.gem "../deps/#{g}" do |c| +-c.bundle_onigmo +- end +-else +- conf.gem "../deps/#{g}" +-end ++conf.gem "../deps/#{g}" + end + + # include all the core GEMs diff --git a/www-servers/h2o/files/h2o-2.3-mruby.patch b/www-servers/h2o/files/h2o-2.3-mruby.patch new file mode 100644 index 000..a0ad25eba27 --- /dev/null +++ b/www-servers/h2o/files/h2o-2.3-mruby.patch @@ -0,0 +1,73 @@ +--- a/CMakeLists.txt b/CMakeLists.txt +@@ -174,6 +174,16 @@ + SET(WSLAY_LIBRARIES -lwslay) + ENDIF (NOT WSLAY_FOUND) + ++IF (PKG_CONFIG_FOUND) ++PKG_CHECK_MODULES(ONIG oniguruma) ++IF (ONIG_FOUND) ++LINK_DIRECTORIES(${ONIG_LIBRARY_DIRS}) ++ENDIF (ONIG_FOUND) ++ENDIF (PKG_CONFIG_FOUND) ++IF (NOT ONIG_FOUND AND WITH_RUBY) ++MESSAGE(FATAL_ERROR "Oniguruma not found") ++ENDIF (NOT ONIG_FOUND AND WITH_RUBY) ++ + IF (ZLIB_FOUND) + INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS}) + LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS}) +@@ -533,7 +543,7 @@ + ELSE () + SET(MRUBY_TOOLCHAIN "gcc") + ENDIF () +-ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake ++ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake -v + WORKING_DIRECTORY
[gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
commit: c68e501b8b299cdd5dbd42f6f26dcd32fbb911a3 Author: Akinori Hattori gentoo org> AuthorDate: Wed Jul 4 12:59:44 2018 + Commit: Akinori Hattori gentoo org> CommitDate: Wed Jul 4 13:23:46 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c68e501b www-servers/h2o: tidy Package-Manager: Portage-2.3.40, Repoman-2.3.9 www-servers/h2o/files/h2o.logrotate | 7 -- www-servers/h2o/h2o-2.2.4.ebuild| 44 - www-servers/h2o/h2o-.ebuild | 36 -- www-servers/h2o/metadata.xml| 1 + 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/www-servers/h2o/files/h2o.logrotate b/www-servers/h2o/files/h2o.logrotate index b901bcfacb1..166b6e7f17b 100644 --- a/www-servers/h2o/files/h2o.logrotate +++ b/www-servers/h2o/files/h2o.logrotate @@ -1,8 +1,11 @@ +# h2o logrotate script for Gentoo + /var/log/h2o/*.log { missingok - delaycompress + notifempty sharedscripts + delaycompress postrotate - test -r $(grep pid-file "/etc/h2o/h2o.conf" | cut -d' ' -f2) && kill -HUP $(pidof h2o) + /bin/kill -HUP $(grep pid-file "/etc/h2o/h2o.conf" | cut -d' ' -f2 | cat) 2>/dev/null || true endscript } diff --git a/www-servers/h2o/h2o-2.2.4.ebuild b/www-servers/h2o/h2o-2.2.4.ebuild index 10c508037d7..579c8e92940 100644 --- a/www-servers/h2o/h2o-2.2.4.ebuild +++ b/www-servers/h2o/h2o-2.2.4.ebuild @@ -1,14 +1,14 @@ # Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI="6" CMAKE_MAKEFILE_GENERATOR="emake" USE_RUBY="ruby23 ruby24" inherit cmake-utils ruby-single systemd user -DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2" -HOMEPAGE="https://h2o.examp1e.net; +DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server" +HOMEPAGE="https://h2o.examp1e.net/; SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" LICENSE="MIT" @@ -16,7 +16,8 @@ SLOT="0" KEYWORDS="~amd64 ~x86" IUSE="libressl +mruby" -RDEPEND=" +RDEPEND="dev-lang/perl + sys-libs/zlib !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= )" DEPEND="${RDEPEND} @@ -28,22 +29,14 @@ DEPEND="${RDEPEND} PATCHES=( "${FILESDIR}"/${P}-libressl.patch ) pkg_setup() { - enewgroup h2o - enewuser h2o -1 -1 -1 h2o -} - -src_prepare() { - # Leave optimization level to user CFLAGS - sed -i 's/-O2 -g ${CC_WARNING_FLAGS} //g' ./CMakeLists.txt \ - || die "sed fix failed!" - - cmake-utils_src_prepare + enewgroup ${PN} + enewuser ${PN} -1 -1 -1 ${PN} } src_configure() { local mycmakeargs=( - -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/h2o - -DWITH_MRUBY="$(usex mruby)" + -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/${PN} + -DWITH_MRUBY=$(usex mruby) -DWITHOUT_LIBS=ON ) cmake-utils_src_configure @@ -52,17 +45,18 @@ src_configure() { src_install() { cmake-utils_src_install - newinitd "${FILESDIR}"/h2o.initd h2o - systemd_dounit "${FILESDIR}"/h2o.service - - insinto /etc/h2o - doins "${FILESDIR}"/h2o.conf + keepdir /var/www/localhost/htdocs - keepdir /var/log/h2o - fperms 0700 /var/log/h2o + insinto /etc/${PN} + doins "${FILESDIR}"/${PN}.conf - keepdir /var/www/localhost/htdocs + newinitd "${FILESDIR}"/${PN}.initd ${PN} + systemd_dounit "${FILESDIR}"/${PN}.service insinto /etc/logrotate.d - newins "${FILESDIR}"/h2o.logrotate h2o + newins "${FILESDIR}"/${PN}.logrotate ${PN} + + keepdir /var/log/${PN} + fowners ${PN}:${PN} /var/log/${PN} + fperms 0750 /var/log/${PN} } diff --git a/www-servers/h2o/h2o-.ebuild b/www-servers/h2o/h2o-.ebuild index b0583fd8855..d6c5d65d823 100644 --- a/www-servers/h2o/h2o-.ebuild +++ b/www-servers/h2o/h2o-.ebuild @@ -1,14 +1,14 @@ # Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI="6" CMAKE_MAKEFILE_GENERATOR="emake" USE_RUBY="ruby23 ruby24" inherit cmake-utils git-r3 ruby-single systemd user -DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2" -HOMEPAGE="https://h2o.examp1e.net; +DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server" +HOMEPAGE="https://h2o.examp1e.net/; EGIT_REPO_URI="https://github.com/${PN}/${PN}.git; LICENSE="MIT" @@ -16,7 +16,8 @@ SLOT="0" KEYWORDS="" IUSE="libressl +mruby" -RDEPEND=" +RDEPEND="dev-lang/perl + sys-libs/zlib !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= )" DEPEND="${RDEPEND} @@ -26,14 +27,14 @@ DEPEND="${RDEPEND} )" pkg_setup() { - enewgroup h2o - enewuser h2o -1 -1 -1 h2o +
[gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
commit: 7de7699a136a5f2092f9050ba3f53ff2965e7cfb Author: csmk chaoslab org> AuthorDate: Fri Jun 30 12:45:51 2017 + Commit: Michał Górny gentoo org> CommitDate: Wed Jul 5 19:49:53 2017 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7de7699a www-servers/h2o: New package H2O is a new generation HTTP server that provides quicker response to users with less CPU utilization when compared to older generation of web servers. Designed from ground-up, the server takes full advantage of HTTP/2 features including prioritized content serving and server push, promising outstanding experience to the visitors of your web site. Base for ebuild from https://github.com/csmk/frabjous. Bug: https://bugs.gentoo.org/623160 Closes: https://github.com/gentoo/gentoo/pull/5015 www-servers/h2o/Manifest| 1 + www-servers/h2o/files/h2o.conf | 30 www-servers/h2o/files/h2o.initd | 51 +++ www-servers/h2o/files/h2o.logrotate | 8 + www-servers/h2o/files/h2o.service | 13 +++ www-servers/h2o/h2o-2.2.2.ebuild| 69 + www-servers/h2o/h2o-.ebuild | 69 + www-servers/h2o/metadata.xml| 23 + 8 files changed, 264 insertions(+) diff --git a/www-servers/h2o/Manifest b/www-servers/h2o/Manifest new file mode 100644 index 000..21a5c58c1c4 --- /dev/null +++ b/www-servers/h2o/Manifest @@ -0,0 +1 @@ +DIST h2o-2.2.2.tar.gz 16192602 SHA256 cf45780058566bd63d90ad0b52b1d15f8515519090753398b9bcf770162a0433 SHA512 b5cc08f2be7056bbac4370f9b6ccb1ba0ad4ea61ce67e946a4f26b8f9c0a575f603c899b1a88f17d1065e0e72e1d1094199200ed24b4f3644a3c7df34aa04b51 WHIRLPOOL d9aff2d3e7caa0334efbac86a807fe8ecd5f146ae56315a5194b8de653ae4f91d33cad754714cd38fadd1c59d87cafe30c1f5f6cb2102362a7647ebd3f18dc84 diff --git a/www-servers/h2o/files/h2o.conf b/www-servers/h2o/files/h2o.conf new file mode 100644 index 000..ccca5dd2de5 --- /dev/null +++ b/www-servers/h2o/files/h2o.conf @@ -0,0 +1,30 @@ +# see /usr/share/doc/h2o/index.html for detailed documentation +# see h2o --help for command-line options and settings + +user: h2o +pid-file: /run/h2o.pid +access-log: /var/log/h2o/access.log +error-log: /var/log/h2o/error.log + +# httpoxy mitigation (https://httpoxy.org) +# see https://github.com/h2o/h2o/pull/996 +setenv: + HTTP_PROXY: "" + +listen: 80 + +#listen: +# port: 443 +#ssl: +# minimum-version: TLSv1.2 +# certificate-file: /etc/h2o/server.crt +# key-file: /etc/h2o/server.key + +hosts: + "localhost:80": +paths: + "/": +file.dir: /var/www/localhost/htdocs + "/doc": +file.dir: /usr/share/doc/h2o/ +file.index: [ 'index.html' ] diff --git a/www-servers/h2o/files/h2o.initd b/www-servers/h2o/files/h2o.initd new file mode 100644 index 000..ad598a5f619 --- /dev/null +++ b/www-servers/h2o/files/h2o.initd @@ -0,0 +1,51 @@ +#!/sbin/openrc-run +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="configtest" +extra_started_commands="reload" +description="An optimized HTTP/1.x, HTTP/2 server" +description_configtest="Run H2O' internal config check" +description_reload="Reload the H2O configuration or upgrade the binary without losing connections" + +: ${config:="/etc/h2o/h2o.conf"} +pidfile=$(grep pid-file "${config}" | cut -d' ' -f2) + +name="H2O" +command="/usr/bin/h2o" +command_args="-m daemon -c ${config}" +required_files="$config" + +depend() { + use net + after logger +} + +start_pre() { + if [ "${RC_CMD}" != "restart" ]; then + configtest || return 1 + fi +} + +stop_pre() { + if [ "${RC_CMD}" = "restart" ]; then + configtest || return 1 + fi +} + +reload() { + configtest || return 1 + ebegin "Refreshing ${name} configuration" + kill -HUP $(cat ${pidfile}) &>/dev/null + eend $? "Failed to reload ${name}" +} + +configtest() { + ebegin "Checking ${name} configuration" + + if ! ${command} -c ${config} -t &>/dev/null; then + ${command} -c ${config} -t + fi + + eend $? "Failed, please correct the errors above" +} diff --git a/www-servers/h2o/files/h2o.logrotate b/www-servers/h2o/files/h2o.logrotate new file mode 100644 index 000..b901bcfacb1 --- /dev/null +++ b/www-servers/h2o/files/h2o.logrotate @@ -0,0 +1,8 @@ +/var/log/h2o/*.log { + missingok + delaycompress + sharedscripts + postrotate + test -r $(grep pid-file "/etc/h2o/h2o.conf" | cut -d' ' -f2) && kill -HUP $(pidof h2o) + endscript +} diff --git a/www-servers/h2o/files/h2o.service b/www-servers/h2o/files/h2o.service new file mode 100644 index 000..fe32c45cd90 --- /dev/null +++ b/www-servers/h2o/files/h2o.service @@ -0,0 +1,13 @@ +[Unit] +Description=An optimized