使用rpmbuild製做Nginx的RPM包

時間 2019-12-05

標籤使用 rpmbuild 製做 nginx rpm 欄目 Nginx 简体版

原文原文鏈接

前言

題圖爲RPM包製做原理圖，有時候爲了方便源碼包的安裝，和咱們本身訂製軟件包的需求，咱們會把一些源碼包按照咱們的需求來作成 rpm 包，當有了源碼包就能夠直接編譯獲得二進制安裝包和其餘任意包。spec file 是製做 rpm 包最核心的部分，rpm 包的製做就是根據 spec file 來實現的。在製做自定義 rpm 包的時候最好不要使用管理員進行, 由於管理員權限過大，若是一個命令寫錯了，結果多是災難性的，而製件一個 rpm 包普通用戶徹底能夠實現。本文主要介紹使用rpmbuild製做Nginx的RPM包，大部分步驟已經使用Bash Shell自動化完成了，你們能夠基於此從新定義。javascript

使用rpmbuild製做Nginx的RPM包

更新歷史

2019年01月16日 - 初稿php

閱讀原文 - https://wsgzao.github.io/post...css

擴展閱讀html

Creating RPM packages - https://docs.fedoraproject.or...
How to create a GNU Hello RPM - https://fedoraproject.org/wik...
使用 rpm-build 製做 nginx 的 rpm 包 - http://blog.51cto.com/nmshuis...java

什麼是RPM

An RPM package is simply a file containing other files and information about them needed by the system. Specifically, an RPM package consists of the cpio archive, which contains the files, and the RPM header, which contains metadata about the package. The rpm package manager uses this metadata to determine dependencies, where to install files, and other information.node

There are two types of RPM packages:mysql

source RPM (SRPM)
binary RPM

SRPMs and binary RPMs share the file format and tooling, but have different contents and serve different purposes. An SRPM contains source code, optionally patches to it, and a SPEC file, which describes how to build the source code into a binary RPM. A binary RPM contains the binaries built from the sources and patches.nginx

RPM 有五種基本的操做功能：安裝、卸載、升級、查詢和驗證。git

Linux 軟件包分爲兩大類：github

二進制類包，包括 rpm 安裝包（通常分爲 i386 和 x86 等幾種）
源碼類包，源碼包和開發包應該歸位此類（.src.rpm）

在 Redhat 下，rpm 包的默認製做路徑在 /usr/src/redhat 下，這其中包含了 6 個目錄（要求所有大寫）。但 Centos 並無該目錄，所以咱們不得不自定義工做車間，即便在 Redhat 下有該目錄，通常也是自定義到普通用戶的家目錄下的

Directory	Usage
BUILD	源代碼解壓之後放的位置，只需提供BUILD目錄，具體裏面放什麼，不用咱們管，因此真正的製做車間是BUILD目錄
RPMS	製做完成後的rpm包存放目錄，爲特定平臺指定子目錄（i386,i686,ppc）
SOURCES	收集的源文件，源材料，補丁文件等存放位置
SPECS	存放spec文件，做爲製做rpm包的領崗文件，以 rpm名.spec
SRPMS	src格式的rpm包位置，既然是src格式的包，就沒有平臺的概念了
BuiltRoot	假根，使用install臨時安裝到這個目錄，把這個目錄看成根來用的，因此在這個目錄下的目錄文件，纔是真正的目錄文件。當打包完成後，在清理階段，這個目錄將被刪除

更詳細的介紹能夠參考 RPM Packaging Guide

https://rpm-packaging-guide.g...

製做 rpm 包

若是你只關心如何使用能夠直接跳過看下文，這裏主要暫時代碼和配置文件

build shell

# luajit.sh
LUAVER=2.0.5
WKDIR="/root/rpmbuild/SOURCES"
cd $WKDIR
wget http://luajit.org/download/LuaJIT-$LUAVER.tar.gz
tar zxf LuaJIT-$LUAVER.tar.gz
rm LuaJIT-$LUAVER.tar.gz
cd LuaJIT-$LUAVER
make BUILDMODE=static
make install
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0

# build.sh
NGX_VER=1.14.1
WKDIR="/root/rpmbuild/SOURCES"
CURRENTDIR=`dirname $(readlink -f "$0")`
echo $CURRENTDIR
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0
cd $WKDIR
wget http://nginx.org/download/nginx-$NGX_VER.tar.gz
tar xzf nginx-$NGX_VER.tar.gz
rm nginx-$NGX_VER.tar.gz
mv nginx-$NGX_VER nginx-garena-$NGX_VER
cd nginx-garena-$NGX_VER/

mkdir -p contrib
cd contrib/
git clone git://github.com/bigplum/Nginx-limit-traffic-rate-module.git
git clone git://github.com/agentzh/headers-more-nginx-module.git
#git clone git://github.com/gnosek/nginx-upstream-fair.git
git clone git://github.com/agentzh/echo-nginx-module.git
#git clone git://github.com/arut/nginx-dav-ext-module.git
git clone git://github.com/r10r/ngx_http_auth_pam_module.git
git clone git://github.com/FRiCKLE/ngx_cache_purge.git
git clone git://github.com/simpl/ngx_devel_kit.git
git clone git://github.com/openresty/lua-nginx-module.git
git clone git://github.com/nbs-system/naxsi.git
rm -rf */.git
cd ..

cp -r $CURRENTDIR/nginx-template/* $WKDIR/nginx-garena-$NGX_VER/
cp $CURRENTDIR/nginx-spec /root/rpmbuild/SPECS/
#cp /root/rules $WKDIR/nginx-garena-$NGX_VER/debian/
cd $WKDIR
tar zcf nginx-garena-$NGX_VER.tar.gz nginx-garena-$NGX_VER/
cd /root/rpmbuild/SPECS/
rpmbuild -ba nginx-spec
cd /root/rpmbuild/RPMS/noarch

nginx-spec

# 1.The introduction section 
Name: nginx-garena                                      # 軟件包名稱
Version: 1.14.1                                         # 版本號
Release: 0                                              # release號
Summary: nginx garena rpm                               # 簡要描述信息
Source0: nginx-garena-1.14.1.tar.gz                     # source主要是引用一下本身定義好的腳本，配置文件之類的內容
License: GPL                                            # 必定帶上（最好是對方源碼包的License）BSD，GPL，GPLv2
Group: Rahul                                            # 要全用這裏面的一個組：less /usr/share/doc/rpm-version/GROUPS
BuildArch: noarch               
BuildRoot: %{_tmppath}/%{name}-buildroot                
%description                                            # 軟件包詳述
Garena self-build Nginx.
%define _binaries_in_noarch_packages_terminate_build   0

# 2.The Prep section 準備階段,主要就是把源碼包解壓到build目錄下，設置一下環境變量，並cd進去
%prep
%setup -q %{name}-%{version}                            # 這個宏的做用靜默模式解壓並cd

# 3.The Build Section 編譯製做階段，這一節主要用於編譯源碼
%build
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr/share/nginx/ \
                    --sbin-path=/usr/sbin/nginx \
                    --conf-path=/etc/nginx/nginx.conf \
                    --error-log-path=/var/log/nginx/error.log \
                    --http-log-path=/var/log/nginx/access.log \
                    --pid-path=/var/run/nginx.pid \
                    --lock-path=/var/lock/nginx.lock \
                    --http-client-body-temp-path=/var/lib/nginx/body \
                    --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
                    --http-proxy-temp-path=/var/lib/nginx/proxy \
                    --http-scgi-temp-path=/var/lib/nginx/scgi \
                    --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
                    --with-pcre-jit \
                    --with-http_flv_module \
                    --with-http_mp4_module \
                    --with-file-aio \
            --with-http_v2_module \
            --with-stream \
            --with-stream_ssl_module \
                    --with-http_auth_request_module \
            --with-http_slice_module \
            --with-threads \
                    --with-http_gunzip_module \
            --with-http_random_index_module \
            --with-http_secure_link_module \
                    --with-http_geoip_module \
                    --with-http_ssl_module \
                    --with-openssl=/usr/local/src/openssl-1.0.2p \
                    --with-http_addition_module \
                    --with-http_geoip_module \
                    --with-http_gzip_static_module \
                    --with-http_realip_module \
                    --with-ipv6 \
                    --without-mail_pop3_module \
                    --without-mail_imap_module \
                    --without-mail_smtp_module \
                    --add-module=contrib/Nginx-limit-traffic-rate-module \
                    --add-module=contrib/headers-more-nginx-module \
                    --add-module=contrib/echo-nginx-module \
                    --add-module=contrib/ngx_http_auth_pam_module \
                    --add-module=contrib/ngx_cache_purge \
                    --add-module=contrib/ngx_devel_kit \
                    --add-module=contrib/lua-nginx-module \
                    --add-module=contrib/naxsi/naxsi_src
make -j8

# 4.Install section  這一節主要用於完成實際安裝軟件必須執行的命令，可包含4種類型腳本
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install
install -m 0755 -d $RPM_BUILD_ROOT/etc/nginx/sites-enabled
install -m 0755 -d $RPM_BUILD_ROOT/etc/nginx/sites-available
install -m 0755 -d $RPM_BUILD_ROOT/var/log/nginx
install -m 0755 -d $RPM_BUILD_ROOT/var/lib/nginx
install -D -m 644 conf/sites-available/000_stub_status $RPM_BUILD_ROOT/etc/nginx/sites-available/000_stub_status
install -D -m 644 conf/django_fastcgi_params $RPM_BUILD_ROOT/etc/nginx/django_fastcgi_params
install -D -m 644 conf/naxsi_core.rules $RPM_BUILD_ROOT/etc/nginx/naxsi_core.rules
install -D -m 644 conf/sites-available/000_stub_status $RPM_BUILD_ROOT/etc/nginx/sites-enabled/000_stub_status
install -D -m 644 logrotate.d/nginx $RPM_BUILD_ROOT/etc/logrotate.d/nginx
install -D -m 644 nginx.service $RPM_BUILD_ROOT/usr/lib/systemd/system/nginx.service

# 5.clean section 清理段，clean的主要做用就是刪除BUILD
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%post
useradd -s /sbin/nologin -d /var/www www-data
chown -R www-data.www-data /var/log/nginx /var/lib/nginx
systemctl enable nginx
echo %{name}-%{version} is successfully installed.
systemctl start nginx
# 6.file section 文件列表段，這個階段是把前面已經編譯好的內容要打包了
%files
%defattr(-,root,root)
%dir /etc/nginx
/etc/nginx/*
%dir /usr/src/debug/nginx-garena-1.14.1
/usr/src/debug/nginx-garena-1.14.1/*
/usr/sbin/nginx
%dir /usr/share/nginx
/usr/share/nginx/*
/etc/logrotate.d/nginx
/usr/lib/systemd/system/nginx.service
/usr/lib/debug/*
/usr/lib/debug/.build-id/*
%dir /var/log/nginx
%dir /var/lib/nginx
%config(noreplace) /etc/nginx/nginx.conf

nginx-template

nginx-template
    ├── conf
    │   ├── django_fastcgi_params
    │   ├── naxsi_core.rules
    │   └── sites-available
    │       └── 000_stub_status
    ├── logrotate.d
    │   └── nginx
    ├── nginx.conf
    └── nginx.service

# nginx-rpmbuild-centos7/nginx-template/conf/django_fastcgi_params
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  PATH_INFO          $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_param  HTTP_X_FORWARDED_PROTOCOL        $scheme;

fastcgi_pass_header Authorization;
fastcgi_intercept_errors off;
fastcgi_keep_conn on;

# nginx-rpmbuild-centos7/nginx-template/conf/naxsi_core.rules
##################################
## INTERNAL RULES IDS:1-999     ##
##################################
#@MainRule "msg:weird request, unable to parse" id:1;
#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
#@MainRule "msg:invalid hex encoding, null bytes" id:10;
#@MainRule "msg:unknown content-type" id:11;
#@MainRule "msg:invalid formatted url" id:12;
#@MainRule "msg:invalid POST format" id:13;
#@MainRule "msg:invalid POST boundary" id:14;
#@MainRule "msg:invalid JSON" id:15;
#@MainRule "msg:empty POST" id:16;
#@MainRule "msg:libinjection_sql" id:17;
#@MainRule "msg:libinjection_xss" id:18;

##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:semicolon" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal sign in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:open parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:close parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:comma" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
MainRule "str:@@" "msg:double arobase (@@)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1017;

###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
MainRule "str:gopher://" "msg:gopher:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1110;

#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;

########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:open square backet ([), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:tilde (~) character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`"  "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[2|3]."  "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;

####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;

#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;

# nginx-rpmbuild-centos7/nginx-template/logrotate.d/nginx
/var/log/nginx/*.log /var/log/nginx/*/*.log{
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
        [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
    endscript
}

# nginx-rpmbuild-centos7/nginx-template/nginx.conf
user www-data;
worker_processes auto;

#worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 655650;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
        worker_connections  10240;
}


http {
#       include       /etc/nginx/naxsi_core.rules;
        include       mime.types;
        default_type  application/octet-stream;
    log_format garena '$remote_addr - $remote_user [$time_iso8601] "$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent" $request_time $upstream_response_time "$http_x_forwarded_for" "$geoip_country_code" "$host"';
        log_format garena_post '$remote_addr - $remote_user [$time_iso8601] "$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent" $request_time $upstream_response_time "$http_x_forwarded_for" "$geoip_country_code" "$host" "$request_body"';
    log_format compact '$time_iso8601|$remote_addr|$geoip_country_code|$http_x_forwarded_for|$status|$request_time|$upstream_response_time|$request_length|$body_bytes_sent|$host|$request|$http_referer|$http_user_agent';
    log_format compact_post '$time_iso8601|$remote_addr|$geoip_country_code|$http_x_forwarded_for|$status|$request_time|$upstream_response_time|$request_length|$body_bytes_sent|$host|$request|$http_referer|$http_user_agent|$request_body';


#       access_log  logs/access.log  main;

        sendfile        on;
#       tcp_nopush     on;

        keepalive_timeout  30;
        fastcgi_keep_conn on;
        tcp_nodelay        on;

        gzip  on;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
        gzip_proxied any;
        gzip_buffers 16 8k;
        gzip_types    text/plain application/javascript application/x-javascript text/javascript text/xml text/css application/json;
        gzip_vary on;
        include /etc/nginx/sites-enabled/*;

    set_real_ip_from 10.0.0.0/8;
    real_ip_header    X-Forwarded-For;
#    real_ip_recursive on;
#    geoip_country /usr/share/GeoIP/GeoIP.dat;

        server_tokens off;         # returns "Server: nginx"
    more_clear_headers Server; # doesn't return "Server: " header at all
}

# nginx-rpmbuild-centos7/nginx-template/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
KillSignal=SIGQUIT
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Initialize rpmbuild env

# check current os version and kernel
cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
uname -r
3.10.0-862.el7.x86_64

# install lua
sh luajit.sh

# yum install dependencies
yum install -y gcc pam-devel git rpm-build pcre-devel openssl openssl-devel geoip-devel

# mkdir
mkdir -p /root/rpmbuild/SOURCES/
mkdir -p /root/rpmbuild/SPECS/
mkdir -p /root/rpmbuild/RPMS/noarch

# download openssl
cd /usr/local/src
wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2p.tar.gz
tar xf OpenSSL_1_0_2p.tar.gz
mv openssl-OpenSSL_1_0_2p/ openssl-1.0.2p

# confirm these files are correct
[root@localhost ~]# tree nginx-rpmbuild-centos7/
nginx-rpmbuild-centos7/
├── build.sh
├── conf_buid
│   ├── conf
│   │   ├── django_fastcgi_params
│   │   ├── fastcgi.conf
│   │   ├── fastcgi_params
│   │   ├── koi-utf
│   │   ├── koi-win
│   │   ├── mime.types
│   │   ├── naxsi_core.rules
│   │   ├── nginx.conf
│   │   ├── scgi_params
│   │   ├── sites-available
│   │   │   └── 000_stub_status
│   │   ├── uwsgi_params
│   │   └── win-utf
│   ├── logrotate.d
│   │   └── nginx
│   ├── nginx.conf
│   └── nginx.service
├── luajit.sh
├── nginx-spec
└── nginx-template
    ├── conf
    │   ├── django_fastcgi_params
    │   ├── naxsi_core.rules
    │   └── sites-available
    │       └── 000_stub_status
    ├── logrotate.d
    │   └── nginx
    ├── nginx.conf
    └── nginx.service

8 directories, 24 files

How to build Nginx RPM

# check nginx stable version from official website
http://nginx.org/en/download.html

# check configuration
vim build.sh

NGX_VER=1.14.1
WKDIR="/root/rpmbuild/SOURCES"

# check nginx version
vim nginx-spec

replace 1.14.1 to 1.14.2

# run build.sh
./build.sh

# RPM package
Processing files: nginx-garena-1.14.2-0.noarch
warning: File listed twice: /etc/nginx/nginx.conf
Provides: config(nginx-garena) = 1.14.2-0 nginx-garena = 1.14.2-0
Requires(interp): /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): /bin/sh
Requires: libGeoIP.so.1()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.10)(64bit) libc.so.6(GLIBC_2.11)(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.2)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3)(64bit) libm.so.6()(64bit) libm.so.6(GLIBC_2.2.5)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpcre.so.1()(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) libpthread.so.0(GLIBC_2.3.2)(64bit) libz.so.1()(64bit) rtld(GNU_HASH)
warning: Arch dependent binaries in noarch package
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/nginx-garena-1.14.2-0.x86_64
Wrote: /root/rpmbuild/SRPMS/nginx-garena-1.14.2-0.src.rpm
Wrote: /root/rpmbuild/RPMS/noarch/nginx-garena-1.14.2-0.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.iR5dLd
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd nginx-garena-1.14.2
+ '[' /root/rpmbuild/BUILDROOT/nginx-garena-1.14.2-0.x86_64 '!=' / ']'
+ rm -rf /root/rpmbuild/BUILDROOT/nginx-garena-1.14.2-0.x86_64
+ exit 0

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。