nixpkgs/pkgs/servers/http/nginx/generic.nix
aszlig 1f24685d93
nginx/etag-patch: Use Nix store dir from build env
So far, the Nix store directory was hardcoded and if someone uses a
different Nix store directory the patch won't work. Of course, this is
pretty uncommon, but by not only substituting the store directory but
also the length of it we also save a few calls to ngx_strlen(), which
should save us a few cycles.

Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 10:07:55 +02:00

115 lines
3.5 KiB
Nix

{ stdenv, fetchurl, fetchpatch, openssl, zlib, pcre, libxml2, libxslt
, substituteAll, gd, geoip
, withDebug ? false
, withStream ? true
, withMail ? false
, modules ? []
, version, sha256, ...
}:
with stdenv.lib;
let
mapModules = attrPath: flip concatMap modules
(mod:
let supports = mod.supports or (_: true);
in
if supports version then mod.${attrPath} or []
else throw "Module at ${toString mod.src} does not support nginx version ${version}!");
in
stdenv.mkDerivation {
name = "nginx-${version}";
src = fetchurl {
url = "https://nginx.org/download/nginx-${version}.tar.gz";
inherit sha256;
};
buildInputs = [ openssl zlib pcre libxml2 libxslt gd geoip ]
++ mapModules "inputs";
configureFlags = [
"--with-http_ssl_module"
"--with-http_v2_module"
"--with-http_realip_module"
"--with-http_addition_module"
"--with-http_xslt_module"
"--with-http_geoip_module"
"--with-http_sub_module"
"--with-http_dav_module"
"--with-http_flv_module"
"--with-http_mp4_module"
"--with-http_gunzip_module"
"--with-http_gzip_static_module"
"--with-http_auth_request_module"
"--with-http_random_index_module"
"--with-http_secure_link_module"
"--with-http_degradation_module"
"--with-http_stub_status_module"
"--with-threads"
"--with-pcre-jit"
# Install destination problems
# "--with-http_perl_module"
] ++ optional withDebug [
"--with-debug"
] ++ optional withStream [
"--with-stream"
"--with-stream_geoip_module"
"--with-stream_realip_module"
"--with-stream_ssl_module"
"--with-stream_ssl_preread_module"
] ++ optional withMail [
"--with-mail"
"--with-mail_ssl_module"
]
++ optional (gd != null) "--with-http_image_filter_module"
++ optional (with stdenv.hostPlatform; isLinux || isFreeBSD) "--with-file-aio"
++ map (mod: "--add-module=${mod.src}") modules;
NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
configurePlatforms = [];
preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
patches = stdenv.lib.singleton (substituteAll {
src = ./nix-etag-1.15.4.patch;
preInstall = ''
export nixStoreDir="$NIX_STORE" nixStoreDirLen="''${#NIX_STORE}"
'';
}) ++ stdenv.lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/102-sizeof_test_fix.patch";
sha256 = "0i2k30ac8d7inj9l6bl0684kjglam2f68z8lf3xggcc2i5wzhh8a";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/101-feature_test_fix.patch";
sha256 = "0v6890a85aqmw60pgj3mm7g8nkaphgq65dj4v9c6h58wdsrc6f0y";
})
(fetchpatch {
url = "https://raw.githubusercontent.com/openwrt/packages/master/net/nginx/patches/103-sys_nerr.patch";
sha256 = "0s497x6mkz947aw29wdy073k8dyjq8j99lax1a1mzpikzr4rxlmd";
})
] ++ mapModules "patches";
hardeningEnable = optional (!stdenv.isDarwin) "pie";
enableParallelBuilding = true;
postInstall = ''
mv $out/sbin $out/bin
'';
passthru.modules = modules;
meta = {
description = "A reverse proxy and lightweight webserver";
homepage = http://nginx.org;
license = licenses.bsd2;
platforms = platforms.all;
maintainers = with maintainers; [ thoughtpolice raskin fpletz ];
};
}