Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • fornari/ngx_http_voms_module
  • cnafsd/ngx_http_voms_module
2 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 191 additions and 1434 deletions
docker/nginx.repo 0 → 100644
View file @ 3c4a7183
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
docker/openresty-voms/Dockerfile deleted 100644 → 0
View file @ 08cee99c
FROM centos:7
# Allow customization of nginx user ID and name
ARG NGINX_USER=nginx
ARG NGINX_USER_UID=1001
ENV NGINX_USER $NGINX_USER
ENV NGINX_USER_UID $NGINX_USER_UID
RUN echo "include_only=.garr.it,.cern.ch" >> /etc/yum/pluginconf.d/fastestmirror.conf && \
yum clean all && \
yum install -y hostname epel-release && \
yum -y update && \
yum -y install which wget tar sudo file && \
echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && \
adduser --uid ${NGINX_USER_UID} ${NGINX_USER} && \
usermod -a -G root ${NGINX_USER} && \
yum clean all && \
rm -rf /var/cache/yum
RUN \
yum -y install voms zlib pcre readline gettext && \
mkdir /pkgs
ADD *.rpm /pkgs/
RUN yum -y localinstall /pkgs/*.rpm && \
chmod -R g+rwx /usr/local/openresty-voms/nginx && \
mkdir -p /etc/nginx/conf.d
ADD assets/nginx.conf /usr/local/openresty-voms/nginx/conf/nginx.conf
CMD ["/usr/bin/openresty-voms", "-g", "daemon off;"]
ENV TINI_VERSION v0.18.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
ENTRYPOINT ["/tini", "--"]
docker/openresty-voms/assets/nginx.conf deleted 100644 → 0
View file @ 08cee99c
user nobody;
worker_processes 1;
env OPENSSL_ALLOW_PROXY_CERTS=1;
env X509_VOMS_DIR=/vomsdir;
error_log logs/error.log notice;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format tls '$time_iso8601 [$request_id] $remote_addr - $remote_user "$request" <$upstream_response_time> '
'$ssl_protocol/$ssl_cipher '
'"$ssl_client_s_dn" '
'[$voms_fqans] '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format plain '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log tls;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
rpm/SOURCES/nginx-1.13.6-rm_glibc_crypt_r_workaround.patch deleted 100644 → 0
View file @ 08cee99c
commit 1ef5c9ce6f03907dad1677d25f108d2bf59a5c15
Author: Maxim Dounin <mdounin@mdounin.ru>
Date: Wed May 23 16:38:16 2018 +0300
Removed glibc crypt_r() bug workaround (ticket #1469).
The bug in question was fixed in glibc 2.3.2 and is no longer expected
to manifest itself on real servers. On the other hand, the workaround
causes compilation problems on various systems. Previously, we've
already fixed the code to compile with musl libc (fd6fd02f6a4d), and
now it is broken on Fedora 28 where glibc's crypt library was replaced
by libxcrypt. So the workaround was removed.
diff --git a/bundle/nginx-1.13.6/src/os/unix/ngx_user.c b/bundle/nginx-1.13.6/src/os/unix/ngx_user.c
index 7ebe2b57..b3d81d07 100644
--- a/bundle/nginx-1.13.6/src/os/unix/ngx_user.c
+++ b/bundle/nginx-1.13.6/src/os/unix/ngx_user.c
@@ -21,10 +21,6 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
struct crypt_data cd;
cd.initialized = 0;
-#ifdef __GLIBC__
- /* work around the glibc bug */
- cd.current_salt[0] = ~salt[0];
-#endif
value = crypt_r((char *) key, (char *) salt, &cd);
rpm/SOURCES/openresty-1.9.15.1.patch deleted 100644 → 0
View file @ 08cee99c
diff -urp openresty-1.9.15.1/bundle/resty-cli-0.12/bin/resty openresty-1.9.15.1-patched/bundle/resty-cli-0.12/bin/resty
--- openresty-1.9.15.1/bundle/resty-cli-0.12/bin/resty 2016-06-03 17:50:22.000000000 -0700
+++ openresty-1.9.15.1-patched/bundle/resty-cli-0.12/bin/resty 2016-07-12 12:50:45.436818037 -0700
@@ -65,9 +65,9 @@ if (!$nginx_path) {
$ext = '';
}
}
- $nginx_path = File::Spec->catfile($FindBin::Bin, "..", "nginx", "sbin", "nginx$ext");
+ $nginx_path = File::Spec->catfile($FindBin::RealBin, "..", "nginx", "sbin", "nginx$ext");
if (!-f $nginx_path) {
- $nginx_path = File::Spec->catfile($FindBin::Bin, "nginx$ext");
+ $nginx_path = File::Spec->catfile($FindBin::RealBin, "nginx$ext");
if (!-f $nginx_path) {
$nginx_path = "nginx"; # find in PATH
}
diff -urp openresty-1.9.15.1/bundle/resty-cli-0.12/bin/restydoc openresty-1.9.15.1-patched/bundle/resty-cli-0.12/bin/restydoc
--- openresty-1.9.15.1/bundle/resty-cli-0.12/bin/restydoc 2016-06-03 17:50:22.000000000 -0700
+++ openresty-1.9.15.1-patched/bundle/resty-cli-0.12/bin/restydoc 2016-07-12 12:51:04.161322019 -0700
@@ -43,10 +43,10 @@ if (!defined $pager) {
}
}
-my $index_file = "$FindBin::Bin/../resty.index";
+my $index_file = "$FindBin::RealBin/../resty.index";
{
if (!-f $index_file) {
- my $f = "$FindBin::Bin/resty.index";
+ my $f = "$FindBin::RealBin/resty.index";
if (-f $f) {
$index_file = $f;
}
@@ -179,7 +179,7 @@ if (!@dists) {
die "ERROR: $index_file is empty.\n";
}
-my $poddir = "$FindBin::Bin/../pod";
+my $poddir = "$FindBin::RealBin/../pod";
if ($section_pat) {
$section_pat = lc $section_pat;
diff -urp openresty-1.9.15.1/bundle/resty-cli-0.12/bin/restydoc-index openresty-1.9.15.1-patched/bundle/resty-cli-0.12/bin/restydoc-index
--- openresty-1.9.15.1/bundle/resty-cli-0.12/bin/restydoc-index 2016-06-03 17:50:22.000000000 -0700
+++ openresty-1.9.15.1-patched/bundle/resty-cli-0.12/bin/restydoc-index 2016-07-12 12:51:13.478124001 -0700
@@ -17,7 +17,7 @@ GetOptions(
) or die "Usage: $0 [--outdir DIR] DIR\n";
if (!defined $outdir) {
- $outdir = "$FindBin::Bin/..";
+ $outdir = "$FindBin::RealBin/..";
} else {
$outdir = File::Spec->rel2abs($outdir);
@@ -135,7 +135,7 @@ sub wanted {
#warn $name;
#warn "wanted: $File::Find::dir $File::Find::name $_\n";
$podfile = "$poddir/$name.pod";
- shell("$FindBin::Bin/md2pod.pl -o $podfile $mdfile");
+ shell("$FindBin::RealBin/md2pod.pl -o $podfile $mdfile");
}
my $dist_module = process_pod($podfile, $name);
--- openresty-1.9.15.1-patched/bundle/resty-cli-0.12/bin/restydoc 2016-07-12 12:51:04.161322019 -0700
+++ openresty-1.9.15.1-patched2/bundle/resty-cli-0.12/bin/restydoc 2016-07-13 16:29:31.227640004 -0700
@@ -517,7 +517,8 @@ sub process_section_hit {
}
my $groff_cmd = get_groff_cmd();
- exec("pod2man -u -c '$full_dist_name' "
+ my $pod2man_cmd = get_pod2man_cmd();
+ exec("$pod2man_cmd -c '$full_dist_name' "
. " -r -s 7 -n '$module_name' "
. "$tmpfile | $groff_cmd | $pager");
}
@@ -550,7 +551,8 @@ sub process_module_hit {
}
my $groff_cmd = get_groff_cmd();
- exec("pod2man -u -c '$full_dist_name' "
+ my $pod2man_cmd = get_pod2man_cmd();
+ exec("$pod2man_cmd -c '$full_dist_name' "
. "-r -s 7 -n '$name' "
. "$podfile | $groff_cmd | $pager");
}
@@ -563,6 +565,14 @@ sub get_groff_cmd {
return "groff -Tascii -mandoc -Wbreak";
}
+sub get_pod2man_cmd {
+ my $help = `pod2man --help`;
+ if ($help =~ /^ \s+ -u \b/xm) {
+ return "pod2man -u";
+ }
+ return "pod2man";
+}
+
sub shell {
my $cmd = shift;
rpm/SOURCES/openresty-voms.init deleted 100644 → 0
View file @ 08cee99c
#!/bin/sh
#
# openresty-voms - this script starts and stops the nginx daemon of OpenResty
#
# chkconfig: 345 85 15
# description: OpenResty is a scalable web platform by extending
# NGINX with Lua
# processname: openresty-voms
# config: /usr/local/openresty-voms/nginx/conf/nginx.conf
# config: /etc/sysconfig/openresty
# pidfile: /usr/local/openresty-voms/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/openresty-voms/nginx/sbin/nginx"
prog=$(basename $nginx)
pidfile=/usr/local/openresty-voms/nginx/logs/nginx.pid
NGINX_CONF_FILE="/usr/local/openresty-voms/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/openresty-voms ] && . /etc/sysconfig/openresty-voms
lockfile=/var/lock/subsys/openresty-voms
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -q -t -c $NGINX_CONF_FILE
}
rh_status() {
status $nginx
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
rpm/SOURCES/openresty-voms.service deleted 100644 → 0
View file @ 08cee99c
[Unit]
Description=The OpenResty Application Platform
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/openresty-voms/nginx/logs/nginx.pid
ExecStartPre=/usr/local/openresty-voms/nginx/sbin/nginx -t
ExecStart=/usr/local/openresty-voms/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
rpm/SPECS/openresty-voms-debug.spec deleted 100644 → 0
View file @ 08cee99c
Name: openresty-voms
Version: 1.19.9.1
Release: 1%{?dist}
Summary: OpenResty, scalable web platform by extending NGINX with Lua, with HTTPG and VOMS support
Group: System Environment/Daemons
# BSD License (two clause)
# http://www.freebsd.org/copyright/freebsd-license.html
License: BSD
URL: https://openresty.org/
Source0: https://openresty.org/download/openresty-%{version}.tar.gz
Patch0: nginx-httpg_no_delegation.patch
%if 0%{?amzn} >= 2 || 0%{?suse_version} || 0%{?fedora} || 0%{?rhel} >= 7
%define use_systemd 1
%endif
Source1: %{name}.service
Source2: %{name}.init
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: perl-File-Temp
BuildRequires: ccache, gcc, make, perl, systemtap-sdt-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
BuildRequires: pcre-devel
BuildRequires: voms-devel
BuildRequires: boost-devel
Requires: zlib
Requires: openssl
Requires: pcre
Requires: voms
%if 0%{?suse_version}
# for /sbin/service
Requires(post): insserv-compat
Requires(preun): insserv-compat
BuildRequires: systemd
%else
%if 0%{?use_systemd}
BuildRequires: systemd
Requires: systemd
%else
# for /sbin/service
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
%endif
%endif
AutoReqProv: no
%define orprefix %{_usr}/local/%{name}
%description
This package contains the core server for OpenResty. Built for production
uses.
OpenResty is a full-fledged web platform by integrating the standard Nginx
core, LuaJIT, many carefully written Lua libraries, lots of high quality
3rd-party Nginx modules, and most of their external dependencies. It is
designed to help developers easily build scalable web applications, web
services, and dynamic web gateways.
By taking advantage of various well-designed Nginx modules (most of which
are developed by the OpenResty team themselves), OpenResty effectively
turns the nginx server into a powerful web app server, in which the web
developers can use the Lua programming language to script various existing
nginx C modules and Lua modules and construct extremely high-performance
web applications that are capable to handle 10K ~ 1000K+ connections in
a single box.
%if 0%{?suse_version}
%debug_package
%else
# Remove source code from debuginfo package.
%define __debug_install_post \
%{_rpmconfigdir}/find-debuginfo.sh %{?_missing_build_ids_terminate_build:--strict-build-id} %{?_find_debuginfo_opts} "%{_builddir}/%{?buildsubdir}"; \
rm -rf "${RPM_BUILD_ROOT}/usr/src/debug"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/openresty-%{version}"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/tmp"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/builddir"; \
%{nil}
%endif
%if 0%{?fedora} >= 27
%undefine _debugsource_packages
%undefine _debuginfo_subpackages
%endif
%if 0%{?rhel} >= 8
%undefine _debugsource_packages
%undefine _debuginfo_subpackages
%endif
%package resty
Summary: OpenResty command-line utility, resty
Group: Development/Tools
Requires: perl, %{name} >= %{version}-%{release}
Requires: perl(File::Spec), perl(FindBin), perl(List::Util), perl(Getopt::Long), perl(File::Temp), perl(POSIX), perl(Time::HiRes)
%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6
BuildArch: noarch
%endif
%description resty
This package contains the "resty" command-line utility for OpenResty, which
runs OpenResty Lua scripts on the terminal using a headless NGINX behind the
scene.
OpenResty is a full-fledged web platform by integrating the standard Nginx
core, LuaJIT, many carefully written Lua libraries, lots of high quality
3rd-party Nginx modules, and most of their external dependencies. It is
designed to help developers easily build scalable web applications, web
services, and dynamic web gateways.
%package doc
Summary: OpenResty documentation tool, restydoc
Group: Development/Tools
Requires: perl, perl(Getopt::Std), perl(File::Spec), perl(FindBin), perl(Cwd), perl(File::Temp), perl(Pod::Man), perl(Pod::Text)
%if (!0%{?rhel} || 0%{?rhel} < 7) && !0%{?fedora}
Requires: groff
%endif
%if (0%{?rhel} && 0%{?rhel} >= 7) || 0%{?fedora}
Requires: groff-base
%endif
Provides: restydoc, restydoc-index, md2pod.pl
%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6
BuildArch: noarch
%endif
%description doc
This package contains the official OpenResty documentation index and
the "restydoc" command-line utility for viewing it.
OpenResty is a full-fledged web platform by integrating the standard Nginx
core, LuaJIT, many carefully written Lua libraries, lots of high quality
3rd-party Nginx modules, and most of their external dependencies. It is
designed to help developers easily build scalable web applications, web
services, and dynamic web gateways.
%package opm
Summary: OpenResty Package Manager
Group: Development/Tools
Requires: perl, %{name} >= %{version}-%{release}, perl(Digest::MD5)
Requires: %{name}-doc >= %{version}-%{release}, %{name}-resty >= %{version}-%{release}
Requires: curl, tar, gzip
#BuildRequires: perl(Digest::MD5)
Requires: perl(Encode), perl(FindBin), perl(File::Find), perl(File::Path), perl(File::Spec), perl(Cwd), perl(Digest::MD5), perl(File::Copy), perl(File::Temp), perl(Getopt::Long)
%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6
BuildArch: noarch
%endif
%description opm
This package provides the client side tool, opm, for OpenResty Pakcage Manager (OPM).
%prep
%setup -q -n "openresty-%{version}"
nginx_version=$(find bundle -name nginx.h | xargs awk '/define NGINX_VERSION/ {print $3}' | tr -d '"')
cd bundle/nginx-${nginx_version}
%patch0 -p1
cd ../..
%build
./configure \
--prefix="%{orprefix}" \
--with-cc='ccache gcc -fdiagnostics-color=always' \
--with-debug \
--with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC -Og" \
--with-pcre-jit \
--without-http_rds_json_module \
--without-http_rds_csv_module \
--without-lua_rds_parser \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_v2_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_secure_link_module \
--with-http_random_index_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-threads \
--with-compat \
--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT' \
--add-module=%{voms_module_prefix} \
-j`nproc`
make -j`nproc`
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
rm -rf %{buildroot}%{orprefix}/luajit/share/man
rm -rf %{buildroot}%{orprefix}/luajit/lib/libluajit-5.1.a
mkdir -p %{buildroot}/usr/bin
mv %{buildroot}%{orprefix}/bin/openresty %{buildroot}%{orprefix}/bin/%{name}
ln -sf %{orprefix}/bin/resty %{buildroot}/usr/bin/
ln -sf %{orprefix}/bin/restydoc %{buildroot}/usr/bin/
ln -sf %{orprefix}/bin/opm %{buildroot}/usr/bin/
ln -sf %{orprefix}/nginx/sbin/nginx %{buildroot}/usr/bin/%{name}
%if 0%{?use_systemd}
mkdir -p %{buildroot}%{_unitdir}
%{__install} -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
%else
mkdir -p %{buildroot}/etc/init.d
%{__install} -p -m 0755 %{SOURCE2} %{buildroot}/etc/init.d/%{name}
%endif
# to silence the check-rpath error
export QA_RPATHS=$[ 0x0002 ]
%clean
rm -rf %{buildroot}
%post
%if 0%{?use_systemd}
%systemd_post %{name}.service
%else
%if ! 0%{?suse_version}
/sbin/chkconfig --add %{name}
%endif
%endif
%preun
%if 0%{?use_systemd}
%systemd_preun %{name}.service
%else
%if ! 0%{?suse_version}
if [ $1 = 0 ]; then
/sbin/service %{name} stop >/dev/null 2>&1
/sbin/chkconfig --del %{name}
fi
%endif
%endif
%if 0%{?use_systemd}
%postun
%systemd_postun_with_restart %{name}.service
%endif
%files
%defattr(-,root,root,-)
%if 0%{?use_systemd}
%{_unitdir}/%{name}.service
%else
/etc/init.d/%{name}
%endif
/usr/bin/%{name}
%{orprefix}/bin/%{name}
%{orprefix}/site/lualib/
%{orprefix}/luajit/*
%{orprefix}/lualib/*
%{orprefix}/nginx/html/*
%{orprefix}/nginx/logs/
%{orprefix}/nginx/sbin/*
%config(noreplace) %{orprefix}/nginx/conf/*
%{orprefix}/COPYRIGHT
%files resty
%defattr(-,root,root,-)
/usr/bin/resty
%{orprefix}/bin/resty
%files doc
%defattr(-,root,root,-)
/usr/bin/restydoc
%{orprefix}/bin/restydoc
%{orprefix}/bin/restydoc-index
%{orprefix}/bin/md2pod.pl
%{orprefix}/bin/nginx-xml2pod
%{orprefix}/pod/*
%{orprefix}/resty.index
%files opm
%defattr(-,root,root,-)
/usr/bin/opm
%{orprefix}/bin/opm
%{orprefix}/site/manifest/
%{orprefix}/site/pod/
%changelog
* Fri Nov 12 2021 Francesco Giacomini
- add HTTPG and VOMS support to openresty 1.19.9.1
* Fri Aug 6 2021 Yichun Zhang (agentzh) 1.19.9.1-1
- upgraded openresty to 1.19.9.1.
* Mon May 31 2021 Yichun Zhang (agentzh) 1.19.3.2-1
- upgraded openresty to 1.19.3.2.
* Fri Nov 6 2020 Yichun Zhang (agentzh) 1.19.3.1-1
- upgraded openresty to 1.19.3.1.
* Mon Jul 13 2020 Yichun Zhang (agentzh) 1.17.8.2-1
- upgraded openresty to 1.17.8.2.
* Fri Jul 3 2020 Yichun Zhang (agentzh) 1.17.8.1-1
- upgraded openresty to 1.17.8.1.
* Mon Nov 18 2019 Elisabetta Ronchieri 1.15.8.2-7
- handled rpm package with voms module.
* Thu Aug 29 2019 Yichun Zhang (agentzh) 1.15.8.2-1
- upgraded openresty to 1.15.8.2.
* Thu May 16 2019 Yichun Zhang (agentzh) 1.15.8.1-1
- upgraded openresty to 1.15.8.1.
* Mon May 14 2018 Yichun Zhang (agentzh) 1.13.6.2-1
- upgraded openresty to 1.13.6.2.
* Sun Nov 12 2017 Yichun Zhang (agentzh) 1.13.6.1-1
- upgraded openresty to 1.13.6.1.
* Thu Sep 21 2017 Yichun Zhang (agentzh) 1.11.2.5-2
- enabled -DNGX_LUA_ABORT_AT_PANIC by default.
* Thu Aug 17 2017 Yichun Zhang (agentzh) 1.11.2.5-1
- upgraded OpenResty to 1.11.2.5.
* Tue Jul 11 2017 Yichun Zhang (agentzh) 1.11.2.4-1
- upgraded OpenResty to 1.11.2.4.
* Sat May 27 2017 Yichun Zhang (agentzh) 1.11.2.3-14
- bugfix: the openresty-opm subpackage did not depend on openresty-doc and openresty-resty.
* Sat May 27 2017 Yichun Zhang (agentzh) 1.11.2.3-14
- centos 6 and opensuse do not have the groff-base package.
* Sat May 27 2017 Yichun Zhang (agentzh) 1.11.2.3-13
- openresty-doc now depends on groff-base.
* Thu May 25 2017 Yichun Zhang (agentzh) 1.11.2.3-12
- added missing groff/pod2txt/pod2man dependencies for openresty-doc.
* Thu May 25 2017 Yichun Zhang (agentzh) 1.11.2.3-11
- added missing perl dependencies for openresty-opm, openresty-resty, and openresty-doc.
* Sun May 21 2017 Yichun Zhang (agentzh) 1.11.2.3-10
- removed the geoip nginx module since GeoIP is not available everywhere.
* Fri Apr 21 2017 Yichun Zhang (agentzh)
- upgrade to the OpenResty 1.11.2.3 release: http://openresty.org/en/changelog-1011002.html
* Sat Dec 24 2016 Yichun Zhang
- init script: explicity specify the runlevels 345.
* Wed Dec 14 2016 Yichun Zhang
- opm missing runtime dependencies curl, tar, and gzip.
- enabled http_geoip_module by default.
* Fri Nov 25 2016 Yichun Zhang
- opm missing runtime dependency perl(Digest::MD5)
* Thu Nov 17 2016 Yichun Zhang
- upgraded OpenResty to 1.11.2.2.
* Fri Aug 26 2016 Yichun Zhang
- use dual number mode in our luajit builds which should usually
be faster for web application use cases.
* Wed Aug 24 2016 Yichun Zhang
- bump OpenResty version to 1.11.2.1.
* Tue Aug 23 2016 zxcvbn4038
- use external packages openresty-zlib and openresty-pcre through dynamic linking.
* Thu Jul 14 2016 Yichun Zhang
- enabled more nginx standard modules as well as threads and file aio.
* Sun Jul 10 2016 makerpm
- initial build for OpenResty 1.9.15.1.
rpm/SPECS/openresty-voms.spec deleted 100644 → 0
View file @ 08cee99c
Name: openresty-voms
Version: 1.19.9.1
Release: 1%{?dist}
Summary: OpenResty, scalable web platform by extending NGINX with Lua, with HTTPG and VOMS support
Group: System Environment/Daemons
# BSD License (two clause)
# http://www.freebsd.org/copyright/freebsd-license.html
License: BSD
URL: https://openresty.org/
Source0: https://openresty.org/download/openresty-%{version}.tar.gz
Patch0: nginx-httpg_no_delegation.patch
%if 0%{?amzn} >= 2 || 0%{?suse_version} || 0%{?fedora} || 0%{?rhel} >= 7
%define use_systemd 1
%endif
Source1: %{name}.service
Source2: %{name}.init
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: perl-File-Temp
BuildRequires: ccache, gcc, make, perl, systemtap-sdt-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
BuildRequires: pcre-devel
BuildRequires: voms-devel
BuildRequires: boost-devel
Requires: zlib
Requires: openssl
Requires: pcre
Requires: voms
%if 0%{?suse_version}
# for /sbin/service
Requires(post): insserv-compat
Requires(preun): insserv-compat
BuildRequires: systemd
%else
%if 0%{?use_systemd}
BuildRequires: systemd
Requires: systemd
%else
# for /sbin/service
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
%endif
%endif
AutoReqProv: no
%define orprefix %{_usr}/local/%{name}
%description
This package contains the core server for OpenResty. Built for production
uses.
OpenResty is a full-fledged web platform by integrating the standard Nginx
core, LuaJIT, many carefully written Lua libraries, lots of high quality
3rd-party Nginx modules, and most of their external dependencies. It is
designed to help developers easily build scalable web applications, web
services, and dynamic web gateways.
By taking advantage of various well-designed Nginx modules (most of which
are developed by the OpenResty team themselves), OpenResty effectively
turns the nginx server into a powerful web app server, in which the web
developers can use the Lua programming language to script various existing
nginx C modules and Lua modules and construct extremely high-performance
web applications that are capable to handle 10K ~ 1000K+ connections in
a single box.
%if 0%{?suse_version}
%debug_package
%else
# Remove source code from debuginfo package.
%define __debug_install_post \
%{_rpmconfigdir}/find-debuginfo.sh %{?_missing_build_ids_terminate_build:--strict-build-id} %{?_find_debuginfo_opts} "%{_builddir}/%{?buildsubdir}"; \
rm -rf "${RPM_BUILD_ROOT}/usr/src/debug"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/openresty-%{version}"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/tmp"; \
mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug/builddir"; \
%{nil}
%endif
%if 0%{?fedora} >= 27
%undefine _debugsource_packages
%undefine _debuginfo_subpackages
%endif
%if 0%{?rhel} >= 8
%undefine _debugsource_packages
%undefine _debuginfo_subpackages
%endif
%package resty
Summary: OpenResty command-line utility, resty
Group: Development/Tools
Requires: perl, %{name} >= %{version}-%{release}
Requires: perl(File::Spec), perl(FindBin), perl(List::Util), perl(Getopt::Long), perl(File::Temp), perl(POSIX), perl(Time::HiRes)
%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6
BuildArch: noarch
%endif
%description resty
This package contains the "resty" command-line utility for OpenResty, which
runs OpenResty Lua scripts on the terminal using a headless NGINX behind the
scene.
OpenResty is a full-fledged web platform by integrating the standard Nginx
core, LuaJIT, many carefully written Lua libraries, lots of high quality
3rd-party Nginx modules, and most of their external dependencies. It is
designed to help developers easily build scalable web applications, web
services, and dynamic web gateways.
%package doc
Summary: OpenResty documentation tool, restydoc
Group: Development/Tools
Requires: perl, perl(Getopt::Std), perl(File::Spec), perl(FindBin), perl(Cwd), perl(File::Temp), perl(Pod::Man), perl(Pod::Text)
%if (!0%{?rhel} || 0%{?rhel} < 7) && !0%{?fedora}
Requires: groff
%endif
%if (0%{?rhel} && 0%{?rhel} >= 7) || 0%{?fedora}
Requires: groff-base
%endif
Provides: restydoc, restydoc-index, md2pod.pl
%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6
BuildArch: noarch
%endif
%description doc
This package contains the official OpenResty documentation index and
the "restydoc" command-line utility for viewing it.
OpenResty is a full-fledged web platform by integrating the standard Nginx
core, LuaJIT, many carefully written Lua libraries, lots of high quality
3rd-party Nginx modules, and most of their external dependencies. It is
designed to help developers easily build scalable web applications, web
services, and dynamic web gateways.
%package opm
Summary: OpenResty Package Manager
Group: Development/Tools
Requires: perl, %{name} >= %{version}-%{release}, perl(Digest::MD5)
Requires: %{name}-doc >= %{version}-%{release}, %{name}-resty >= %{version}-%{release}
Requires: curl, tar, gzip
#BuildRequires: perl(Digest::MD5)
Requires: perl(Encode), perl(FindBin), perl(File::Find), perl(File::Path), perl(File::Spec), perl(Cwd), perl(Digest::MD5), perl(File::Copy), perl(File::Temp), perl(Getopt::Long)
%if 0%{?fedora} >= 10 || 0%{?rhel} >= 6 || 0%{?centos} >= 6
BuildArch: noarch
%endif
%description opm
This package provides the client side tool, opm, for OpenResty Pakcage Manager (OPM).
%prep
%setup -q -n "openresty-%{version}"
nginx_version=$(find bundle -name nginx.h | xargs awk '/define NGINX_VERSION/ {print $3}' | tr -d '"')
cd bundle/nginx-${nginx_version}
%patch0 -p1
cd ../..
%build
./configure \
--prefix="%{orprefix}" \
--with-cc='ccache gcc -fdiagnostics-color=always' \
--with-cc-opt="-DNGX_LUA_ABORT_AT_PANIC" \
--with-pcre-jit \
--without-http_rds_json_module \
--without-http_rds_csv_module \
--without-lua_rds_parser \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_v2_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_secure_link_module \
--with-http_random_index_module \
--with-http_gzip_static_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-threads \
--with-compat \
--with-luajit-xcflags='-DLUAJIT_NUMMODE=2 -DLUAJIT_ENABLE_LUA52COMPAT' \
--add-module=%{voms_module_prefix} \
-j`nproc`
make -j`nproc`
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}
rm -rf %{buildroot}%{orprefix}/luajit/share/man
rm -rf %{buildroot}%{orprefix}/luajit/lib/libluajit-5.1.a
mkdir -p %{buildroot}/usr/bin
mv %{buildroot}%{orprefix}/bin/openresty %{buildroot}%{orprefix}/bin/%{name}
ln -sf %{orprefix}/bin/resty %{buildroot}/usr/bin/
ln -sf %{orprefix}/bin/restydoc %{buildroot}/usr/bin/
ln -sf %{orprefix}/bin/opm %{buildroot}/usr/bin/
ln -sf %{orprefix}/nginx/sbin/nginx %{buildroot}/usr/bin/%{name}
%if 0%{?use_systemd}
mkdir -p %{buildroot}%{_unitdir}
%{__install} -p -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/
%else
mkdir -p %{buildroot}/etc/init.d
%{__install} -p -m 0755 %{SOURCE2} %{buildroot}/etc/init.d/%{name}
%endif
# to silence the check-rpath error
export QA_RPATHS=$[ 0x0002 ]
%clean
rm -rf %{buildroot}
%post
%if 0%{?use_systemd}
%systemd_post %{name}.service
%else
%if ! 0%{?suse_version}
/sbin/chkconfig --add %{name}
%endif
%endif
%preun
%if 0%{?use_systemd}
%systemd_preun %{name}.service
%else
%if ! 0%{?suse_version}
if [ $1 = 0 ]; then
/sbin/service %{name} stop >/dev/null 2>&1
/sbin/chkconfig --del %{name}
fi
%endif
%endif
%if 0%{?use_systemd}
%postun
%systemd_postun_with_restart %{name}.service
%endif
%files
%defattr(-,root,root,-)
%if 0%{?use_systemd}
%{_unitdir}/%{name}.service
%else
/etc/init.d/%{name}
%endif
/usr/bin/%{name}
%{orprefix}/bin/%{name}
%{orprefix}/site/lualib/
%{orprefix}/luajit/*
%{orprefix}/lualib/*
%{orprefix}/nginx/html/*
%{orprefix}/nginx/logs/
%{orprefix}/nginx/sbin/*
%config(noreplace) %{orprefix}/nginx/conf/*
%{orprefix}/COPYRIGHT
%files resty
%defattr(-,root,root,-)
/usr/bin/resty
%{orprefix}/bin/resty
%files doc
%defattr(-,root,root,-)
/usr/bin/restydoc
%{orprefix}/bin/restydoc
%{orprefix}/bin/restydoc-index
%{orprefix}/bin/md2pod.pl
%{orprefix}/bin/nginx-xml2pod
%{orprefix}/pod/*
%{orprefix}/resty.index
%files opm
%defattr(-,root,root,-)
/usr/bin/opm
%{orprefix}/bin/opm
%{orprefix}/site/manifest/
%{orprefix}/site/pod/
%changelog
* Fri Nov 12 2021 Francesco Giacomini
- add HTTPG and VOMS support to openresty 1.19.9.1
* Fri Aug 6 2021 Yichun Zhang (agentzh) 1.19.9.1-1
- upgraded openresty to 1.19.9.1.
* Mon May 31 2021 Yichun Zhang (agentzh) 1.19.3.2-1
- upgraded openresty to 1.19.3.2.
* Fri Nov 6 2020 Yichun Zhang (agentzh) 1.19.3.1-1
- upgraded openresty to 1.19.3.1.
* Mon Jul 13 2020 Yichun Zhang (agentzh) 1.17.8.2-1
- upgraded openresty to 1.17.8.2.
* Fri Jul 3 2020 Yichun Zhang (agentzh) 1.17.8.1-1
- upgraded openresty to 1.17.8.1.
* Mon Nov 18 2019 Elisabetta Ronchieri 1.15.8.2-7
- handled rpm package with voms module.
* Thu Aug 29 2019 Yichun Zhang (agentzh) 1.15.8.2-1
- upgraded openresty to 1.15.8.2.
* Thu May 16 2019 Yichun Zhang (agentzh) 1.15.8.1-1
- upgraded openresty to 1.15.8.1.
* Mon May 14 2018 Yichun Zhang (agentzh) 1.13.6.2-1
- upgraded openresty to 1.13.6.2.
* Sun Nov 12 2017 Yichun Zhang (agentzh) 1.13.6.1-1
- upgraded openresty to 1.13.6.1.
* Thu Sep 21 2017 Yichun Zhang (agentzh) 1.11.2.5-2
- enabled -DNGX_LUA_ABORT_AT_PANIC by default.
* Thu Aug 17 2017 Yichun Zhang (agentzh) 1.11.2.5-1
- upgraded OpenResty to 1.11.2.5.
* Tue Jul 11 2017 Yichun Zhang (agentzh) 1.11.2.4-1
- upgraded OpenResty to 1.11.2.4.
* Sat May 27 2017 Yichun Zhang (agentzh) 1.11.2.3-14
- bugfix: the openresty-opm subpackage did not depend on openresty-doc and openresty-resty.
* Sat May 27 2017 Yichun Zhang (agentzh) 1.11.2.3-14
- centos 6 and opensuse do not have the groff-base package.
* Sat May 27 2017 Yichun Zhang (agentzh) 1.11.2.3-13
- openresty-doc now depends on groff-base.
* Thu May 25 2017 Yichun Zhang (agentzh) 1.11.2.3-12
- added missing groff/pod2txt/pod2man dependencies for openresty-doc.
* Thu May 25 2017 Yichun Zhang (agentzh) 1.11.2.3-11
- added missing perl dependencies for openresty-opm, openresty-resty, and openresty-doc.
* Sun May 21 2017 Yichun Zhang (agentzh) 1.11.2.3-10
- removed the geoip nginx module since GeoIP is not available everywhere.
* Fri Apr 21 2017 Yichun Zhang (agentzh)
- upgrade to the OpenResty 1.11.2.3 release: http://openresty.org/en/changelog-1011002.html
* Sat Dec 24 2016 Yichun Zhang
- init script: explicity specify the runlevels 345.
* Wed Dec 14 2016 Yichun Zhang
- opm missing runtime dependencies curl, tar, and gzip.
- enabled http_geoip_module by default.
* Fri Nov 25 2016 Yichun Zhang
- opm missing runtime dependency perl(Digest::MD5)
* Thu Nov 17 2016 Yichun Zhang
- upgraded OpenResty to 1.11.2.2.
* Fri Aug 26 2016 Yichun Zhang
- use dual number mode in our luajit builds which should usually
be faster for web application use cases.
* Wed Aug 24 2016 Yichun Zhang
- bump OpenResty version to 1.11.2.1.
* Tue Aug 23 2016 zxcvbn4038
- use external packages openresty-zlib and openresty-pcre through dynamic linking.
* Thu Jul 14 2016 Yichun Zhang
- enabled more nginx standard modules as well as threads and file aio.
* Sun Jul 10 2016 makerpm
- initial build for OpenResty 1.9.15.1.
rpm/addPatchToNginxSpec.sh 0 → 100755
View file @ 3c4a7183
#!/usr/bin/env bash
set -ex
# Add the httpg patch
# Set the nginx spec file with the httpg patch
PATCH_NAME="nginx-httpg_no_delegation.patch"
SPEC_FILE="${HOME}/rpmbuild/SPECS/nginx.spec"
if grep --extended-regexp --quiet "^Patch.*: $PATCH_NAME" "$SPEC_FILE"; then
>&2 echo "The patch $PATCH_NAME is already included in the spec file $SPEC_FILE"
exit 0
fi
# Copy the patch in the rpmbuild directory
cp ${CI_PROJECT_DIR}/${PATCH_NAME} ~/rpmbuild/SOURCES/
pushd ~/rpmbuild/SOURCES/
# Find the highest existing Patch number in the spec file
LAST_PATCH_NUM=$(grep -oP "^Patch\K[0-9]+" $SPEC_FILE | sort -n | tail -1)
if [ -z "$LAST_PATCH_NUM" ]; then
# There are no existing patches: find the highest Source number in the spec file
LAST_SOURCE_NUM=$(grep -oP "^Source\K[0-9]+" $SPEC_FILE | sort -n | tail -1)
# Add the patch to the spec file after the last Source
sed -i.backup "/^Source${LAST_SOURCE_NUM}/a Patch0: ${PATCH_NAME}" "${SPEC_FILE}"
else
# Add the new patch to the spec file after the last Patch
sed -i.backup "/^Patch${LAST_PATCH_NUM}/a Patch$((LAST_PATCH_NUM + 1)): ${PATCH_NAME}" "${SPEC_FILE}"
fi
# Add httpg to release
sed -i '/%define base_release/ s/ngx/httpg/' "${SPEC_FILE}"
diff "${SPEC_FILE}.backup" "${SPEC_FILE}" || true
popd
rpm/make_packaging.sh deleted 100644 → 0
View file @ 08cee99c
#!/bin/sh
voms_module_prefix=${HOME}/ngx_http_voms_module
if [ $# -eq 1 ]; then
voms_module_prefix=$1
fi
if [ ! -d "$voms_module_prefix" ]; then
echo "$voms_module_prefix doesn't exist" >&2
exit 1
fi
mkdir -p ${HOME}/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
cat <<EOF > ${HOME}/.rpmmacros
%_topdir %{getenv:HOME}/rpmbuild
%voms_module_prefix ${voms_module_prefix}
EOF
cat ${HOME}/.rpmmacros
cp ${voms_module_prefix}/nginx-httpg_no_delegation.patch ${HOME}/rpmbuild/SOURCES/
cp SOURCES/* ${HOME}/rpmbuild/SOURCES/
cp SPECS/*.spec ${HOME}/rpmbuild/SPECS/
spectool -g -R ${HOME}/rpmbuild/SPECS/openresty-voms.spec
rpmbuild -ba ${HOME}/rpmbuild/SPECS/openresty-voms.spec
rpm/nginx-module-http-voms.spec 0 → 100644
View file @ 3c4a7183
%define nginx_user nginx
%define nginx_group nginx
%define base_version 1.26.2
%define bdir %{_builddir}/%{name}-%{base_version}
Name: nginx-module-http-voms
Version: %{base_version}
Release: 1%{?dist}
Summary: nginx http voms dynamic modules
License: EUPL-1.2
URL: https://baltig.infn.it/cnafsd/ngx_http_voms_module
Source0: https://nginx.org/download/nginx-%{base_version}.tar.gz
Source1: ngx-http-voms-module
BuildRequires: gcc, make
BuildRequires: voms-devel
BuildRequires: boost-devel
BuildRequires: openssl-devel
BuildRequires: zlib-devel
BuildRequires: pcre2-devel
Requires: nginx
Requires: zlib
Requires: openssl
Requires: pcre2
Requires: voms
%description
nginx http voms dynamic modules.
%prep
%setup -qcTn %{name}-%{base_version}
tar --strip-components=1 -zxf %{SOURCE0}
%define CONFIG_PATH %(echo "--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp")
%define CONFIG_ARGS %(echo "--user=nginx --group=nginx --with-compat --with-http_ssl_module")
%define MODULE_CONFIG_ARGS %(echo "--add-dynamic-module=%SOURCE1")
%build
cd %{bdir}
./configure %{CONFIG_PATH} %{CONFIG_ARGS} %{MODULE_CONFIG_ARGS}
make %{?_smp_mflags} modules
%install
cd %{bdir}
%{__rm} -rf $RPM_BUILD_ROOT
%{__mkdir} -p $RPM_BUILD_ROOT%{_libdir}/nginx/modules
for so in `find %{bdir}/objs/ -maxdepth 2 -type f -name "*.so"`; do
%{__install} -m755 $so \
$RPM_BUILD_ROOT%{_libdir}/nginx/modules/
done
%clean
%{__rm} -rf $RPM_BUILD_ROOT
%files
%{_libdir}/nginx/modules/*
%post
if [ $1 -eq 1 ]; then
cat <<BANNER
----------------------------------------------------------------------
The http voms dynamic modules for nginx have been installed.
To enable these modules, add the following to /etc/nginx/nginx.conf
and reload nginx:
load_module modules/ngx_http_voms_module.so;
Please refer to the modules documentation for further details:
https://baltig.infn.it/cnafsd/ngx_http_voms_module
----------------------------------------------------------------------
BANNER
fi
%changelog
* Fri Oct 18 2024 Francesco Giacomini
- nginx http voms module updated to 1.26.2-1.0.0
* Wed Apr 12 2023 Laura Cappelli
- nginx http voms module updated to 1.24.0-1.0.0
* Fri Nov 18 2022 Laura Cappelli
- nginx http voms module updated to 1.22.1-1.0.0
src/ngx_http_voms_module.cpp
View file @ 3c4a7183
// Copyright 2018 Istituto Nazionale di Fisica Nucleare
//
// Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
// the European Commission - subsequent versions of the EUPL (the "Licence").
// You may not use this work except in compliance with the Licence. You may
// obtain a copy of the Licence at:
//
// https://joinup.ec.europa.eu/software/page/eupl
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// Licence for the specific language governing permissions and limitations under
// the Licence.
// Copyright 2018-2023 Istituto Nazionale di Fisica Nucleare
// SPDX-License-Identifier: EUPL-1.2
extern "C" {
#include <ngx_config.h>
......@@ -29,6 +17,7 @@ extern "C" {
#include <boost/algorithm/string/join.hpp>
#include <boost/algorithm/string/replace.hpp>
#include <boost/optional.hpp>
#include <boost/version.hpp>
using BioPtr = std::unique_ptr<BIO, decltype(&BIO_free)>;
using X509Ptr = std::unique_ptr<X509, decltype(&X509_free)>;
......@@ -261,7 +250,7 @@ static MaybeVomsAc retrieve_voms_ac_from_proxy(ngx_http_request_t* r)
{
ngx_log_error(NGX_LOG_DEBUG, r->connection->log, 0, "%s", __func__);
if (!r->http_connection->ssl) {
if (!r->main->http_connection->ssl) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "SSL not enabled");
return boost::none;
}
......@@ -661,6 +650,7 @@ static ngx_int_t get_ssl_client_ee_cert_raw(ngx_http_request_t* r,
return NGX_OK;
}
#if BOOST_VERSION < 105600
namespace boost {
template <typename IteratorT, typename IntegerT>
inline iterator_range<IteratorT> make_iterator_range_n(IteratorT first,
......@@ -669,6 +659,7 @@ inline iterator_range<IteratorT> make_iterator_range_n(IteratorT first,
return iterator_range<IteratorT>(first, boost::next(first, n));
}
} // namespace boost
#endif
static ngx_int_t get_ssl_client_ee_cert(ngx_http_request_t* r,
ngx_http_variable_value_t* v,
......
t/README.md
View file @ 3c4a7183
......@@ -6,60 +6,73 @@ Setup and files to test the *ngx_http_voms_module* are contained in the `t` fold
### Test fixture setup
All the certificates and proxy certificates used in the tests are in the [`certs`](certs) folder (see that [README](certs/README.md) for further details), while trust-anchors (e.g. igi-test-ca.pem) are in the [`trust-anchors`](trust-anchors) folder.
All the certificates, proxy certificates, trust-anchors directory, LSC files, etc., needed for the tests are automatically created by the `t/setup.sh` script. It uses utilities contained in the [helper-scripts](https://baltig.infn.it/mw-devel/helper-scripts) repo, in particulare in the `x509-scripts` subdirectory, and the VOMS clients. Certificates and proxies are described in configuration files `t/openssl.conf`, `t/conf.d/*` and `t/proxies.d/*`.
`vomses` is the _vomses_ file needed for the generation of proxy certificates.
The `helper-scripts` repo needs to be cloned somewhere locally and its X509 scripts made available in the PATH:
The LSC file `voms.example.lsc`, needed to perform correctly the VOMS AC validation, is in the [`vomsdir/test.vo`](vomsdir/test.vo) folder.
```shell
$ git clone https://baltig.infn.it/mw-devel/helper-scripts.git
$ PATH=$(pwd)/helper-scripts/x509-scripts/scripts:$PATH
```
Then, to setup, just run:
```shell
$(cd t && ./setup.sh)
```
### Running Tests
To run the tests made available in `t` just type
```shell
$ prove -v
$ prove
```
from `t`' s parent directory.
from `t`'s parent directory.
The `prove` command creates a directory called `servroot` in `t`, so if the `t` folder is accessible read-only, for
example in a docker container, just make a copy somewhere else and run the tests from there:
```
```shell
cp -r t /tmp
cd /tmp
prove -v
prove
```
### Test coverage
Note: the alert below is unavoidable, but it doesn't affect the tests.
To enable test coverage pass the `--coverage` option to both the compiler and the linker. For example:
```shell
$ ./configure ${RESTY_CONFIG_OPTIONS} --add-module=../ngx_http_voms_module --with-debug --with-cc-opt="-g -Og --coverage" --with-ld-opt="--coverage"
$ make && make install
```
The above command generates data files aside the source files for all Nginx. To enable coverage only for `ngx_http_voms_module` the `--coverage` option should be passed only when compiling `ngx_http_voms_module.cpp`, adding the option to `config.make`.
Running the tests will then create other data files with coverage information. To view that information, run `gcov <object file>`, e.g. `gcov .../objs/addon/src/ngx_http_voms_module.o`. This will produce files with the `.gcov` extension in the current directory.
[alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
```
### Testing directly the Nginx server
You can reuse the config file `t/servroot/conf/nginx.conf` produced by `test::Nginx`, which contains something like
```
server {
listen 8443 ssl;
server_name nginx-voms.example;
ssl_certificate ../../certs/nginx_voms_example.cert.pem;
ssl_certificate_key ./certs/nginx_voms_example.key.pem;
ssl_client_certificate ./trust-anchors/igi-test-ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
echo user: $voms_user;
...
http {
...
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
error_log logs/error.log debug;
listen 8443 ssl;
ssl_certificate ../../certs/star_test_example.cert.pem;
ssl_certificate_key ../../certs/star_test_example.key.pem;
ssl_client_certificate ../../trust-anchors/igi_test_ca.pem;
ssl_verify_depth 10;
ssl_verify_client on;
location = / {
default_type text/plain;
return 200 "$voms_user";
}
}
...
}
```
......@@ -74,17 +87,17 @@ server {
Start nginx:
```shell
$ nginx -p t/servroot
$ nginx -c conf/nginx.conf -p t/servroot/ -elogs/error.log
```
Modify (as root) `/etc/hosts` so that `nginx-voms.example` is an alias for `localhost`:
Modify (as root) `/etc/hosts` so that `nginx-voms.test.example` is an alias for `localhost`:
```
127.0.0.1 localhost nginx-voms.example
127.0.0.1 localhost nginx-voms.test.example
```
Then run for example `curl`, calling directly the HTTPS endpoint:
```shell
$ curl https://nginx-voms.example:8443 --cert t/certs/3.pem --capath t/trust-anchors --cacert t/certs/3.cert.pem
$ curl https://nginx-voms.test.example:8443 --cert t/certs/3.pem --capath t/trust-anchors --cacert t/certs/3.cert.pem
```
t/certs/0.cert.pem deleted 100644 → 0
View file @ 08cee99c
-----BEGIN CERTIFICATE-----
MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
t/certs/0.eec.cert.pem deleted 100644 → 0
View file @ 08cee99c
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
t/certs/0.key.pem deleted 100644 → 0
View file @ 08cee99c
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
-----END RSA PRIVATE KEY-----
t/certs/0.pem deleted 100644 → 0
View file @ 08cee99c
-----BEGIN CERTIFICATE-----
MIICkjCCAXygAwIBAgIEaPuJvzALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNTU0WhcN
MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTc2MTMxNTI2MzCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAgCtdYKINH/sClmYwxea8ydJbBTR7j8XdJmuZgA5c8YDLmN2E
Fo50XHtQXbpmNGvuOXC6n4hY193oEcXL7N+CTjlHEmx5imaNzFvcfEdjxx0Cytqi
xOt1tbhOvZUSMYqcIdJfPX21n7D1tObI3/+cZ16RHNWZF/wigdLoSr6qbZ0CAwEA
AaMxMC8wDgYDVR0PAQH/BAQDAgXgMB0GCCsGAQUFBwEOAQH/BA4wDDAKBggrBgEF
BQcVATALBgkqhkiG9w0BAQUDggEBACm+nPPqabJDsKb0BnihdPbIOls5Kla84nSo
p5WlRGrGtnBmWkL7WeZc2CYXzrrd4EhAQtjwnw1eYZ3+uTBNXbsQNSTiGqhfXcdH
p5O4AOUMdMda19kos67AIFCn5skWrKzn04TW8HEOYo6doJAkkAc7pFrQeXVU4IUM
ZlS6gNuXqLISelHZV2WGeueZ9oe8SL08ZKZCNI09BScUaqiIuuVdZhH48uNBQKXs
/KWjT8IBj4bTum+/nrSLGPRppSMC1bDfmn0C/ffk7g1Fo+ndyU9lB4ZF6eykGYe3
V1LswGAb9BQvbm2qYdmS4F/i2qLxkRyaA1IB8aaCv4tWqKtMH00=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIICWwIBAAKBgQCAK11gog0f+wKWZjDF5rzJ0lsFNHuPxd0ma5mADlzxgMuY3YQW
jnRce1BdumY0a+45cLqfiFjX3egRxcvs34JOOUcSbHmKZo3MW9x8R2PHHQLK2qLE
63W1uE69lRIxipwh0l89fbWfsPW05sjf/5xnXpEc1ZkX/CKB0uhKvqptnQIDAQAB
AoGAIEVK5IrIzTWRKDcgrqNzA0nQmxXkyoViMktDQefb5P6txJZ5rIg/qg1uZbsK
AsbuG05T3tkgrXF0/gyUVNbN4vKE1Po1HyCIz8ZO5ZoA+AB3W5swdkf/sP9/y5jG
qrh58CM+IqpyVIf0ZYSv3j/WEGgocBuzBlgzsu81ruR4ym0CQQDIAzAu1KigbKNs
kJvgjWGJK5fAF+eJgQ4waH1wnzlExgM8lBpQhNXiYnvcrTUBbBtc4onXbD1iiHkD
M52BJNhjAkEApAvuiv8TjIK9T5EyCf3Zbk5g8I9XUTNk2Qq9Dc9NfXnE9OwjNss/
hjvDCX89OA1DFRuud2a0qgvMSrVXnW+B/wJAJQzSJBqoke8N5tJyzYnjA3Hbzm2f
Kk2Jv1Xbxrz38tFrUBFvPnMc2666mwpKw1SvTOl59znJtTLql7k79+xHWQJAKcrA
YrjJCirkf7jFvrXlBq0BFUfvPsiREJojv7joTOcQvjTKY9Mzw8bF0U2REw6N4HrE
37ZSoF+RFBdO0tTtkQJAFs+jv0al71WnqEwoF0R8iSACcgTU5pG2c5upMUFbq+3V
Sc2mleRKf33pghtj1f/HP9+CXhUVG1rtLkcR6qW5Cg==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
t/certs/1.cert.pem deleted 100644 → 0
View file @ 08cee99c
-----BEGIN CERTIFICATE-----
MIIIojCCB4ygAwIBAgIEcYDNoDALBgkqhkiG9w0BAQUwKzELMAkGA1UEBhMCSVQx
DDAKBgNVBAoTA0lHSTEOMAwGA1UEAxMFdGVzdDAwHhcNMTgwMzAyMTczNjQyWhcN
MjIwOTI0MTUzOTM0WjBAMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYD
VQQDEwV0ZXN0MDETMBEGA1UEAxMKMTkwNDI2NjY1NjCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAiC0Veis/ymIVjIsabZe30IIZggg1/FORMOy1fzI89eProMyf
lBtCkP55z47JIzN68PiGSLhAAIp8jpIoRECVsKfOiPYqAC/8Wi3SN3VR0BD59iTC
PoM0QDTw2vfCAiDffrhkIibveDKgDeEg33WQGmKnS6/1ajGPz1pNG/s/3ksCAwEA
AaOCBj8wggY7MA4GA1UdDwEB/wQEAwIF4DAdBggrBgEFBQcBDgEB/wQOMAwwCgYI
KwYBBQUHFQEwggYIBgorBgEEAb5FZGQFBIIF+DCCBfQwggXwMIIF7DCCBNQCAQEw
NqA0MC+kLTArMQswCQYDVQQGEwJJVDEMMAoGA1UEChMDSUdJMQ4wDAYDVQQDEwV0
ZXN0MAIBCaA4MDakNDAyMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRUwEwYD
VQQDDAx2b21zLmV4YW1wbGUwDQYJKoZIhvcNAQELBQACAQAwIhgPMjAxODAzMDIx
NzM2NDJaGA8yMDE4MDMwMzA1MzY0MlowOzA5BgorBgEEAb5FZGQEMSswKaAehhx0
ZXN0LnZvOi8vdm9tcy5leGFtcGxlOjE1MDAwMAcEBS90ZXN0MIID6DCCA7IGCisG
AQQBvkVkZAoEggOiMIIDnjCCA5owggOWMIICfqADAgECAgIDEzANBgkqhkiG9w0B
AQsFADAtMQswCQYDVQQGEwJJVDEMMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0
IENBMB4XDTE3MTIwNjA5NDYzN1oXDTI3MTIwNDA5NDYzN1owMjELMAkGA1UEBhMC
SVQxDDAKBgNVBAoMA0lHSTEVMBMGA1UEAwwMdm9tcy5leGFtcGxlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH/I2h4Nk1C0mCIaL60j9JIrcpESm+/h
o6KmAwS9x8J/eFF4/ZQG06ro3VaPHdUdpUk/TLJM0T5pLGDAj18PfG2ky1gMbt4z
amwyEbvT4U0DE7UfmTUdH6+0e9q2G1p2dlQE8+jXYGvGVdnUEut78j3f7J7a1N8Q
r+7cnZbHFIxgFtiSyimM3/dPj4ungAHn93pPPDJCr84u+Bp7vLXrIKfVKMGk01TT
3MDclnvECcWfL8jbc2EB5C6XuQVkGtx2CQnrr75sR7lbQYbBUcD+ZSMrlKywgUaZ
msKebwtiAzTTW7Xb56w4DjFj7YEfbrxBZYmxjS9f+oraiKz4yz/rKwIDAQABo4G6
MIG3MAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDOMCdRJlAHO0fsLnRlercTX9ZDE
MA4GA1UdDwEB/wQEAwIF4DA+BgNVHSUENzA1BggrBgEFBQcDAQYIKwYBBQUHAwIG
CisGAQQBgjcKAwMGCWCGSAGG+EIEAQYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUkXc2
ey60afMn6rf2CItKI6IRScYwFwYDVR0RBBAwDoIMdm9tcy5leGFtcGxlMA0GCSqG
SIb3DQEBCwUAA4IBAQDgxQjkkpsmCQRkuZ7JJ4IskExL8TwaTc32Wv6KWGs2Qjt7
0OBmKu4trdAqWVLIRIW2kK8SSczepGWq6W6D4c8g05iPPqihgvj1bpdzeL5Gp1qn
EDC3ARPPtAPGdPfkuFEhM3lKiNYBy8EiN26fHSw+69AJUTsKX7UZtho1Y5WU9Zmh
vBi8hKqbcDqyLcLtUBkgFpQh6knh2GEQnfUpZRGiFSuK9xRaSbgtXA/8dyDnAzoV
uCEx2DP8j3AcppCAhLOvHy0onsbiikPsJjK/12qqQlosUCkzXbfoWCK2x3u/pKxV
Mi1RWBrunoDSTSRLauOXLqdc41CEM7XspCBucB3pMAkGA1UdOAQCBQAwJQYDVR0j
BB4wHIAaBBgwFoAUkXc2ey60afMn6rf2CItKI6IRScYwDQYJKoZIhvcNAQELBQAD
ggEBAFdhMkrqJNkhSrdIJzB+MgXTDyi2/Bh800cKztQrWtGUu7fuVTxdrk4UhR7K
dW9ufghiAv1Cmy0fnOVILMx6FOJiFQkhLpHxpuDfh6Wnwv42W9q+Z1Uy88AiSKaX
Aqpt/OmF08C6OKrjIwl3OelOtzbwqq5Zour7ST1fFDLsU0d7zdSM65erQ8fFcN6f
HNYJt54HU/W/h5PcnhakdEAxPgQrCk+hJlUXTkhA+L9b23IKvbR3T/TIeTbZY44Y
XQplG+VdGEGBrZdBUtvKrxqxqU+SynLaYelDWsJpdLjw5m/vJvFbVj4X+zcFr1kP
UDMaGy9aoVzfdtsYTJk04hHy36EwCwYJKoZIhvcNAQEFA4IBAQBEN7/zZmuvfvv8
R7Opw0Pe2XnbunU3cmAxsWsNNds2HpUXCbuCNBjavCEeY8KvCCkhc6uAj7yppIEH
scjCO3L0SWMB3rrci93ttzZapScEwFoyfaa9HnbUmG6twoS0qs7HnN2Le823AEVi
ucZ8qFpwQNshWLdgMAy0sAhvs0rM8Yuz5MXYk/re3D4qPvHtVE4Luxt0vWZHAcr4
+KkJy+RSgJJ+ELkYyfU4DpiL7CXMoIKJsLZsqb4GMv3WGJ1YdHHxCt3OQpZhluB1
IxltwPqm7F4SU+13MPomSoGVIAOvy/Ss98SWQx8lDOorW1m9ZfrTiW/6Utkd3anS
ZTAXFVmk
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDEM
MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNFoX
DTIyMDkyNDE1MzkzNFowKzELMAkGA1UEBhMCSVQxDDAKBgNVBAoTA0lHSTEOMAwG
A1UEAxMFdGVzdDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKxtrw
hoZ27SxxISjlRqWmBWB6U+N/xW2kS1uUfrQRav6auVtmtEW45J44VTi3WW6Y113R
BwmS6oW+3lzyBBZVPqnhV9/VkTxLp83gGVVvHATgGgkjeTxIsOE+TkPKAoZJ/QFc
CfPh3WdZ3ANI14WYkAM9VXsSbh2okCsWGa4o6pzt3Pt1zKkyO4PW0cBkletDImJK
2vufuDVNm7Iz/y3/8pY8p3MoiwbF/PdSba7XQAxBWUJMoaleh8xy8HSROn7tF2al
xoDLH4QWhp6UDn2rvOWseBqUMPXFjsUi1/rkw1oHAjMroTk5lL15GI0LGd5dTVop
kKXFbTTYxSkPz1MLAgMBAAGjgcowgccwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
fLdB5+jO9LyWN2/VCNYgMa0jvHEwDgYDVR0PAQH/BAQDAgXgMD4GA1UdJQQ3MDUG
CCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEF
BQcDBDAfBgNVHSMEGDAWgBSRdzZ7LrRp8yfqt/YIi0ojohFJxjAnBgNVHREEIDAe
gRxhbmRyZWEuY2VjY2FudGlAY25hZi5pbmZuLml0MA0GCSqGSIb3DQEBBQUAA4IB
AQANYtWXetheSeVpCfnId9TkKyKTAp8RahNZl4XFrWWn2S9We7ACK/G7u1DebJYx
d8POo8ClscoXyTO2BzHHZLxauEKIzUv7g2GehI+SckfZdjFyRXjD0+wMGwzX7MDu
SL3CG2aWsYpkBnj6BMlr0P3kZEMqV5t2+2Tj0+aXppBPVwzJwRhnrSJiO5WIZAZf
49YhMn61sQIrepvhrKEUR4XVorH2Bj8ek1/iLlgcmFMBOds+PrehSRR8Gn0IjlEg
C68EY6KPE+FKySuS7Ur7lTAjNdddfdAgKV6hJyST6/dx8ymIkb8nxCPnxCcT2I2N
vDxcPMc/wmnMa+smNal0sJ6m
-----END CERTIFICATE-----
t/certs/1.key.pem deleted 100644 → 0
View file @ 08cee99c
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCILRV6Kz/KYhWMixptl7fQghmCCDX8U5Ew7LV/Mjz14+ugzJ+U
G0KQ/nnPjskjM3rw+IZIuEAAinyOkihEQJWwp86I9ioAL/xaLdI3dVHQEPn2JMI+
gzRANPDa98ICIN9+uGQiJu94MqAN4SDfdZAaYqdLr/VqMY/PWk0b+z/eSwIDAQAB
AoGAJM8i9hIIvTkEIChdrXAMVMVGBdsYVKt2HKZvbQF0bvb780w8enlf5feTj6JG
BkjdG5PiIHgFfN/ySUuCrOhUTbNhAx5a9YExqtJoiNaVBcIvlwVEK6Md8iYc9Opv
RB7MOwVmzoQQzTbsKQMDj2Bn1IZmLXKlaW+OW/n/I5KnoYkCQQDsLIGpEdnDlK3e
FaRaBSL8dlE6PA3HKokTeEoy9/yWGcvvtBAfsL8GhFAXEzrCNbuy0dGUymksCSp5
NTRSe6pfAkEAk5uTf+6TlZaCNutG3H9ScLTvBef3qcrVx9CzsPH8NK6x6GGhpPzl
FBmLtsRxeOGTIFbnEcbfImbuSQ1rcPBrlQJBALiJbia1E/qGSfSl5G2SZevuZzmh
gwKEcecMrq10p6CBN6Bsicy5RgnJiOr+04K8iZUH7ULdhaAq6U0cDW4FwvECQDXm
Om8dtCCMbBIXybFcgMMNHrbeZI5ItdWX/PWg90JZhDdh5z+y5Qd46I6dnv3QCQRn
F0tjfjk2ss5UKyZ7dB0CQQDAGspYNiI7YQoJm7hIAwh332SGuVVqb6IL9rMfsVR6
ffsKgAQtwl5JYGEKEXtO/yylfaiYqOMHNRJPsiI7IHLq
-----END RSA PRIVATE KEY-----