[packages/pound/pound-4] - new URL, updated to maintained pound 4.x fork; restored config from pound 2.8
qboosh
qboosh at pld-linux.org
Sat Apr 8 17:51:31 CEST 2023
commit ed5001c5d58decf72d94245a86894c1d2ddc5a29
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sat Apr 8 17:53:53 2023 +0200
- new URL, updated to maintained pound 4.x fork; restored config from pound 2.8
mbedtls3.patch | 92 -----------------------------------------------------
pound-hash-UL.patch | 20 ++++++++++++
pound-man.patch | 27 ++++++----------
pound.cfg | 66 ++++++++++++++++++++++++++++++++++++++
pound.init | 4 +--
pound.spec | 58 ++++++++++++++++++---------------
pound.yaml | 36 ---------------------
tcmalloc.patch | 15 ---------
8 files changed, 129 insertions(+), 189 deletions(-)
---
diff --git a/pound.spec b/pound.spec
index e928ffc..e659374 100644
--- a/pound.spec
+++ b/pound.spec
@@ -8,28 +8,24 @@
Summary: Pound - reverse-proxy and load-balancer
Summary(pl.UTF-8): Pound - odwrotne proxy i load-balancer
Name: pound
-Version: 3.0.2
-Release: 3
+Version: 4.6
+Release: 1
License: GPL v3
Group: Networking/Daemons
-Source0: http://www.apsis.ch/pound/Pound-%{version}.tgz
-# Source0-md5: c0f5af4cd6aa184c00f4848ae1c4536a
-Source1: %{name}.yaml
+#Source0Download: https://github.com/graygnuorg/pound/releases
+Source0: https://github.com/graygnuorg/pound/releases/download/v%{version}/pound-%{version}.tar.gz
+# Source0-md5: 4f77be83122a3e45cfd2487e4b4947ba
+Source1: %{name}.cfg
Source2: %{name}.init
Source3: %{name}.sysconfig
Source5: %{name}.tmpfiles
-Patch0: tcmalloc.patch
-Patch1: pound-man.patch
-Patch2: mbedtls3.patch
-URL: https://www.apsis.ch/pound.html
-BuildRequires: cmake >= 3.0
+Patch0: %{name}-man.patch
+Patch1: %{name}-hash-UL.patch
+URL: https://github.com/graygnuorg/pound
%{?with_tcmalloc:BuildRequires: libtcmalloc-devel}
-BuildRequires: mbedtls-devel
-BuildRequires: nanomsg-devel
-BuildRequires: pcre2-8-devel
-BuildRequires: pcre2-posix-devel
+BuildRequires: openssl-devel >= 1.1
+BuildRequires: pcre-devel >= 7.8
BuildRequires: rpmbuild(macros) >= 1.644
-BuildRequires: yaml-devel
Requires(post,preun): /sbin/chkconfig
Requires(postun): /usr/sbin/groupdel
Requires(postun): /usr/sbin/userdel
@@ -62,26 +58,32 @@ jest rozpowszechniany na licencji GPL - bez gwarancji, z możliwością
swobodnego używania, kopiowania i rozdawania.
%prep
-%setup -q -n Pound-%{version}
+%setup -q
%patch0 -p1
%patch1 -p1
-%patch2 -p1
%build
-install -d build
-cd build
-%cmake .. \
- %{?with_tcmalloc:-DWANT_TCMALLOC:BOOL=ON}
+%configure \
+ ac_cv_lib_nsl_gethostbyaddr=no \
+ ac_cv_lib_socket_socket=no \
+ --disable-hoard \
+ --enable-pcreposix \
+ --enable-tcmalloc%{!?with_tcmalloc:=no} \
+ --with-group=pound \
+ --with-maxbuf=6144 \
+ --with-owner=pound
+
%{__make}
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_mandir}/man8,%{_sysconfdir},/etc/{sysconfig,rc.d/init.d}} \
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{sysconfig,rc.d/init.d}} \
$RPM_BUILD_ROOT/var/run/%{name} \
$RPM_BUILD_ROOT%{systemdtmpfilesdir}
-install -p build/pound $RPM_BUILD_ROOT%{_sbindir}
-cp -p man/pound.8 $RPM_BUILD_ROOT%{_mandir}/man8
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+
cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}
install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/%{name}
@@ -112,12 +114,16 @@ fi
%files
%defattr(644,root,root,755)
-%doc README.md
+%doc AUTHORS ChangeLog ChangeLog.apsis NEWS README THANKS
+%attr(755,root,root) %{_bindir}/poundctl
%attr(755,root,root) %{_sbindir}/pound
+%{_datadir}/pound
%dir %{_sysconfdir}
-%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/pound.yaml
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/pound.cfg
%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name}
%attr(754,root,root) /etc/rc.d/init.d/%{name}
+%{_mandir}/man5/poundctl.tmpl.5*
%{_mandir}/man8/pound.8*
+%{_mandir}/man8/poundctl.8*
%{systemdtmpfilesdir}/%{name}.conf
%dir /var/run/%{name}
diff --git a/mbedtls3.patch b/mbedtls3.patch
deleted file mode 100644
index 0b4d0b1..0000000
--- a/mbedtls3.patch
+++ /dev/null
@@ -1,92 +0,0 @@
---- Pound-3.0.1/include/pound.h.in~ 2021-08-23 17:31:52.000000000 +0200
-+++ Pound-3.0.1/include/pound.h.in 2022-04-05 12:35:33.796420709 +0200
-@@ -68,8 +68,7 @@
- #include <grp.h>
- #include <signal.h>
- #include <setjmp.h>
--#include <mbedtls/config.h>
--#include <mbedtls/certs.h>
-+#include <mbedtls/build_info.h>
- #include <mbedtls/oid.h>
- #include <mbedtls/asn1.h>
- #include <mbedtls/x509.h>
---- Pound-3.0.1/CMakeLists.txt~ 2022-04-04 23:23:36.000000000 +0200
-+++ Pound-3.0.1/CMakeLists.txt 2022-04-05 12:36:14.645777663 +0200
-@@ -28,7 +28,7 @@
- find_package(Threads REQUIRED)
-
- include(CheckIncludeFiles)
--CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/config.h;mbedtls/certs.h;mbedtls/oid.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
-+CHECK_INCLUDE_FILES("stdio.h;pthread.h;yaml.h;nanomsg/nn.h;nanomsg/inproc.h;nanomsg/pipeline.h;nanomsg/pair.h;nanomsg/reqrep.h;stdlib.h;unistd.h;fcntl.h;ctype.h;getopt.h;string.h;syslog.h;sys/types.h;sys/socket.h;netdb.h;sys/stat.h;time.h;poll.h;semaphore.h;pwd.h;grp.h;signal.h;setjmp.h;mbedtls/oid.h;mbedtls/build_info.h;mbedtls/asn1.h;mbedtls/x509.h;mbedtls/entropy.h;mbedtls/ctr_drbg.h;mbedtls/ssl.h;mbedtls/error.h" HAVE_MANDATORY_INCLUDES LANGUAGE C)
- if(NOT HAVE_MANDATORY_INCLUDES)
- message(FATAL_ERROR "Missing mandatory header files!")
- endif()
---- Pound-3.0.2/src/config.c.orig 2021-11-28 17:04:25.000000000 +0100
-+++ Pound-3.0.2/src/config.c 2022-04-05 13:03:00.802981794 +0200
-@@ -63,6 +63,19 @@
- return res;
- }
-
-+static int mbedtls_rnd( void *rng_state, unsigned char *output, size_t len )
-+{
-+ size_t i;
-+
-+ if( rng_state != NULL )
-+ rng_state = NULL;
-+
-+ for( i = 0; i < len; ++i )
-+ output[i] = rand();
-+
-+ return(0);
-+}
-+
- static void
- get_global(yaml_document_t *document, yaml_node_t *root)
- {
-@@ -380,11 +393,11 @@
- if(mbedtls_x509_crt_parse_file(&res->certificate, filename))
- fatal("SNI: can't read certificate %s", filename);
- mbedtls_pk_init(&res->key);
-- if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL))
-+ if(mbedtls_pk_parse_keyfile(&res->key, filename, NULL, mbedtls_rnd, NULL))
- fatal("SNI: can't read key %s", filename);
- utarray_new(hosts, ®ex_icd);
- for(cur = &res->certificate; cur != NULL; cur = cur->next) {
-- if(mbedtls_pk_check_pair(&cur->pk, &res->key))
-+ if(mbedtls_pk_check_pair(&cur->pk, &res->key, mbedtls_rnd, NULL))
- continue;
- for(nd = &cur->subject; nd != NULL; nd = nd->next)
- if(MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &nd->oid) == 0) {
---- Pound-3.0.2/src/http.c~ 2021-11-28 17:04:25.000000000 +0100
-+++ Pound-3.0.2/src/http.c 2022-04-05 13:30:02.176298374 +0200
-@@ -476,6 +476,7 @@
-
- typedef struct cookie {
- mbedtls_ssl_context *fd;
-+ mbedtls_net_context *ssl_fd;
- } COOKIE;
-
- static size_t
-@@ -506,13 +507,11 @@
- {
- COOKIE *c;
- int res;
-- mbedtls_net_context *ssl_fd;
-
- c = (COOKIE *)cv;
- res = mbedtls_ssl_close_notify(c->fd);
-- ssl_fd = c->fd->p_bio;
-+ mbedtls_net_free(c->ssl_fd);
- mbedtls_ssl_free(c->fd);
-- mbedtls_net_free(ssl_fd);
- return res;
- }
-
-@@ -580,6 +579,7 @@
- crt_buf[0] = '\0';
- /* for HTTP2: !strcmp(mbedtls_ssl_get_alpn_protocol(&ssl), "h2"), but we don't really need it */
- c.fd = &ssl;
-+ c.ssl_fd = &ssl_client;
- cio.read = (cookie_read_function_t *)c_read;
- cio.write = (cookie_write_function_t *)c_write;
- cio.seek = NULL;
diff --git a/pound-hash-UL.patch b/pound-hash-UL.patch
new file mode 100644
index 0000000..7e48b25
--- /dev/null
+++ b/pound-hash-UL.patch
@@ -0,0 +1,20 @@
+--- pound-4.6/src/svc.c.orig 2023-03-06 19:44:39.000000000 +0100
++++ pound-4.6/src/svc.c 2023-04-08 17:28:27.899930763 +0200
+@@ -31,7 +31,7 @@ session_hash (const SESSION *e)
+ char *k;
+
+ k = e->key;
+- res = 2166136261;
++ res = 2166136261UL;
+ while (*k)
+ res = ((res ^ *k++) * 16777619) & 0xFFFFFFFF;
+ return res;
+@@ -526,7 +526,7 @@ hash_backend (BACKEND_HEAD *head, int ab
+ BACKEND *res, *tb;
+ int pri;
+
+- hv = 2166136261;
++ hv = 2166136261UL;
+ while (*key)
+ hv = ((hv ^ *key++) * 16777619) & 0xFFFFFFFF;
+ pri = hv % abs_pri;
diff --git a/pound-man.patch b/pound-man.patch
index f8c4279..972e85c 100644
--- a/pound-man.patch
+++ b/pound-man.patch
@@ -1,20 +1,11 @@
---- Pound-3.0.1/man/pound.8~ 2021-08-23 17:31:52.000000000 +0200
-+++ Pound-3.0.1/man/pound.8 2021-10-25 23:01:19.549793482 +0200
-@@ -131,7 +131,7 @@
- will write its own pid into this file. Normally this is used for shell
- scripts that control starting and stopping of the daemon.
- Default:
--.I /var/run/pound.pid
-+.I /var/run/pound/pound.pid
- .PP
- One (or more) copies of
- .B Pound
-@@ -481,7 +481,7 @@
- .RE
+--- pound-4.6/doc/pound.8.orig 2023-03-07 21:07:58.000000000 +0100
++++ pound-4.6/doc/pound.8 2023-04-08 17:03:32.874696677 +0200
+@@ -2186,7 +2186,7 @@ End
+ .EE
.SH FILES
.TP
--\fI/var/run/pound.pid\fR
-+\fI/var/run/pound/pound.pid\fR
- this is where
- .B Pound
- will attempt to record its process id.
+-.B /var/run/pound.pid
++.B /var/run/pound/pound.pid
+ This is where
+ .B pound
+ will attempt to record its process id. The exact location is
diff --git a/pound.cfg b/pound.cfg
new file mode 100644
index 0000000..0991efb
--- /dev/null
+++ b/pound.cfg
@@ -0,0 +1,66 @@
+# Default pound.cfg
+# vim:ft=sh
+#
+# Pound listens on port 80 for HTTP and port 443 for HTTPS
+# and distributes requests to 2 backends running on localhost.
+# see pound(8) for configuration directives.
+# You can enable/disable backends with poundctl(8).
+#
+
+User "pound"
+Group "pound"
+Control "/var/run/pound/pctl.sock"
+
+# Log errors to this fil
+ErrorLog /var/log/pound/pound.log
+
+## Log accesses to a file - patch not ported to v4
+#LogFile /var/log/pound/access.log
+
+# Specify the logging level. This value can be overridden for specific listeners.
+# 0 for no logging,
+# 1 (default) for regular logging,
+# 2 for extended logging (show chosen backend server as well),
+# 3 for Apache-like format (Combined Log Format with Virtual Host),
+# 4 (same as 3 but without the virtual host information) and
+# 5 (same as 4 but with information about the Service and BackEnd used).
+LogLevel 4
+
+# Check for backend health every 5 secs
+Alive 5
+
+# Global Client timeout value
+Client 5
+
+# Rise from default 128
+Threads 2048
+
+ListenHTTP
+ Address 0.0.0.0
+ Port 80
+End
+
+ListenHTTPS
+ Address 0.0.0.0
+ Port 443
+ Cert "/etc/pki/pound.pem"
+
+ Disable SSLv3
+ SSLAllowClientRenegotiation 0
+ SSLHonorCipherOrder 1
+ Ciphers "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
+ AddHeader "HTTPS: on"
+ RewriteLocation 0
+End
+
+Service
+ BackEnd
+ Address 127.0.0.1
+ Port 8000
+ End
+
+ BackEnd
+ Address 127.0.0.1
+ Port 8001
+ End
+End
diff --git a/pound.init b/pound.init
index 38c8fc1..09ed5f2 100755
--- a/pound.init
+++ b/pound.init
@@ -30,7 +30,7 @@ fi
configtest() {
local instance="$1"
- pound -c -f /etc/pound/$instance.yaml > /dev/null
+ pound -c -f /etc/pound/$instance.cfg > /dev/null
}
# check if the $1 instance is up
@@ -93,7 +93,7 @@ start() {
PIDFILE=/var/run/pound/$instance.pid
start-stop-daemon --start \
--exec /usr/sbin/pound \
- --pidfile $PIDFILE -- -v -f /etc/pound/$instance.yaml -p $PIDFILE
+ --pidfile $PIDFILE -- -v -f /etc/pound/$instance.cfg -p $PIDFILE
ret=$?
if [ $ret -eq 0 ]; then
diff --git a/pound.yaml b/pound.yaml
deleted file mode 100644
index 3c19907..0000000
--- a/pound.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-# Default pound.yaml
-# vim:ft=yaml
-
-Global:
- - User: "pound"
- Group: "pound"
-
-Backends:
- - &be
- Address: 127.0.0.1
- Port: 8000
-
-HTTPListeners:
- - Address: 0.0.0.0
- Port: 80
- Services:
- - Backends:
- - *be
-
-HTTPSListeners:
- - Address: 0.0.0.0
- Port: 443
- Services:
- - Backends:
- - *be
- Certificates: "/etc/pki/pound.pem"
- Client: 60
- Ciphers:
- - TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- - TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
- - TLS-DHE-RSA-WITH-AES-128-CBC-SHA
- - TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
- - TLS-RSA-WITH-AES-128-CCM
- - TLS-RSA-WITH-AES-256-GCM-SHA384
- - TLS-RSA-WITH-RC4-128-MD5
- - TLS-RSA-WITH-3DES-EDE-CBC-SHA
diff --git a/tcmalloc.patch b/tcmalloc.patch
deleted file mode 100644
index 83bfaa1..0000000
--- a/tcmalloc.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- Pound-3.0.1/CMakeLists.txt~ 2021-08-23 17:31:52.000000000 +0200
-+++ Pound-3.0.1/CMakeLists.txt 2021-10-25 22:47:18.511993405 +0200
-@@ -46,10 +46,12 @@
- target_link_libraries(pound -lpthread)
- target_link_libraries(pound Threads::Threads)
-
-+if(WANT_TCMALLOC)
- FIND_LIBRARY(TCMALLOC tcmalloc )
- if(TCMALLOC)
- target_link_libraries(pound -ltcmalloc)
- endif()
-+endif()
-
- FIND_LIBRARY(MBEDCRYPTO mbedcrypto)
- if(MBEDCRYPTO)
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/pound.git/commitdiff/ed5001c5d58decf72d94245a86894c1d2ddc5a29
More information about the pld-cvs-commit
mailing list