
Compare commits


5 Commits

34 changed files with 401 additions and 255 deletions


@ -0,0 +1,2 @@
{%- set resolver_status_zone = 'http_resolver' -%}
{% include 'resolver.j2m' %}


@ -0,0 +1,13 @@
{%- if env.NGX_RESOLVERS %}
{%- if env.NGX_RESOLVER_STACK == 'any' %}
resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }};
{%- elif env.NGX_RESOLVER_STACK == 'ipv4' %}
resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }} ipv4=on ipv6=off;
{%- elif env.NGX_RESOLVER_STACK == 'ipv6' %}
resolver {{ env.NGX_RESOLVERS }} status_zone={{ resolver_status_zone }} ipv4=off ipv6=on;
{%- endif %}
{%- endif %}
{%- if env.NGX_RESOLVER_TIMEOUT %}
resolver_timeout {{ env.NGX_RESOLVER_TIMEOUT }};
{%- endif %}


@ -0,0 +1,2 @@
{%- set resolver_status_zone = 'stream_resolver' -%}
{% include 'resolver.j2m' %}


@ -2,7 +2,7 @@
set -ef
cd "$(dirname "$0")/.."
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.1}"
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.2}"
set -a
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"


@ -2,7 +2,7 @@
set -ef
cd "$(dirname "$0")/.."
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.1}"
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.2}"
set -a
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"


@ -2,7 +2,7 @@
set -ef
cd "$(dirname "$0")/.."
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.1}"
IMAGE_VERSION="${IMAGE_VERSION:-v0.0.2}"
set -a
BUILDAH_FORMAT="${BUILDAH_FORMAT:-docker}"


@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/


@ -11,7 +11,7 @@ server {
Dockerfile:
```dockerfile
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
COPY /site/ /etc/angie/site/
COPY /static/ /etc/angie/static/


@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/


@ -3,7 +3,7 @@
Dockerfile:
```dockerfile
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
COPY /site/ /etc/angie/site/


@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/


@ -3,7 +3,7 @@
Dockerfile:
```dockerfile
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
COPY /site/ /etc/angie/site/


@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/


@ -3,7 +3,7 @@
Dockerfile:
```dockerfile
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
COPY /site/ /etc/angie/site/
COPY /static/ /etc/angie/static/


@ -1,4 +1,4 @@
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
SHELL [ "/bin/sh", "-ec" ]
COPY /site/ /etc/angie/site/


@ -13,7 +13,7 @@ server {
Dockerfile:
```dockerfile
FROM docker.io/rockdrilla/angie-conv:v0.0.1
FROM docker.io/rockdrilla/angie-conv:v0.0.2
COPY /site/ /etc/angie/site/
COPY /static/ /etc/angie/static/


@ -8,7 +8,7 @@ empty_dir='/var/lib/empty'
have_envvar() {
[ -n "$1" ] || return 1
grep -Ezq "^$1=" /proc/self/environ || return
grep -Ezq "^$1=" /proc/$$/environ || return
}
## unexporting variable in (POSIX) sh is PITA =/
@ -202,6 +202,7 @@ prepend_list() {
}
list_have_item() {
[ -n "$1" ] || return 1
[ -n "$2" ] || return 1
case " $1 " in
*" $2 "* ) return 0 ;;
@ -213,16 +214,15 @@ normalize_list() {
[ -n "$1" ] || return 0
printf '%s' "$1" \
| tr -s '[:space:]' ' ' \
| sed -zE 's/^ //;s/ $//'
| sed -zE 's/[[:space:]]+/ /g;s/^ //;s/ $//'
}
sort_dedup_list() {
[ -n "$1" ] || return 0
printf '%s' "$1" \
| tr -s '[:space:]' '\n' | sort -uV | paste -sd ' ' \
| sed -zE 's/^\s+//;s/\s+$//'
| tr -s '[:space:]' '\n' | sort -uV \
| sed -zE 's/[[:space:]]+/ /g;s/^ //;s/ $//'
}
float_div() {
@ -235,4 +235,11 @@ find_fast() {
randN() {
od -v -A n -t x1 -N "$1" < /dev/urandom | tr -d '[:space:]'
}
re_ipv4_oct='[0-9]|[1-9][0-9]|[1-9][0-9][0-9]|2[0-4][0-9]|25[0-5]'
re_ipv4_addr="^${re_ipv4_oct}\.${re_ipv4_oct}\.${re_ipv4_oct}\.${re_ipv4_oct}\$"
is_ipv4_address() {
[ -n "$1" ] || return 1
printf '%s' "$1" | grep -zEq "${re_ipv4_addr}" || return 1
}
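Review bot: `is_ipv4_address` accepts far more than dotted quads, because `re_ipv4_oct` is a bare alternation spliced into `re_ipv4_addr` without grouping. `|` binds loosest, so `^` applies only to the first `[0-9]` branch and `$` only to the last `25[0-5]`; any string that starts with a digit or contains two adjacent digits matches. The three-digit branch `[1-9][0-9][0-9]` also admits 256–999. This check gates the values appended to `NGX_IPV4_ADDRESSES` and `NGX_RESOLVERS` elsewhere in this commit, so the octet should be grouped and tightened: `re_ipv4_oct='([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'`.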


@ -2,5 +2,6 @@
unset IEP_ROOT
IEP_ROOT=1
[ "$(stat -c %u /proc/1)" = 0 ] || IEP_ROOT=0
# [ "$(env stat -Lc %u /proc/$$)" = 0 ] || IEP_ROOT=0
[ "$(id -n)" = 0 ] || IEP_ROOT=0
export IEP_ROOT
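Review bot: `id -n` is not a valid invocation on its own: `-n` only modifies `-u`, `-g` or `-G`, and GNU `id` exits with an error and prints nothing. Assuming this is the added line (the +/- markers are lost on this page), the comparison with `0` always fails and `IEP_ROOT` ends up `0` even when the entrypoint runs as root. Any later step keyed on `IEP_ROOT` would then treat a root container as unprivileged. The test needs the effective UID: `[ "$(id -u)" = 0 ] || IEP_ROOT=0`.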


@ -3,15 +3,18 @@
unset IEP_LOCAL_OVERRIDE
IEP_LOCAL_OVERRIDE=0
unset _fsspec _fstarget _fstype _fsopts _fsreq _fspass
while read -r _fsspec _fstarget _fstype _fsopts _fsreq _fspass ; do
case "${_fstarget}" in
unset _fsspec i _extra
while read -r _fsspec i _extra ; do
[ -n "$i" ] || continue
case "$i" in
/angie | /angie/* )
IEP_LOCAL_OVERRIDE=1
break
;;
esac
done < /proc/mounts
unset _fsspec _fstarget _fstype _fsopts _fsreq _fspass
done <<-EOF
$(grep -F angie /proc/mounts)
EOF
unset _fsspec i _extra
export IEP_LOCAL_OVERRIDE


@ -13,9 +13,14 @@ unset NGX_IPV4_ADDRESSES NGX_IPV6_ADDRESSES
for i in ${NGX_IP_ADDRESSES} ; do
case "$i" in
*:* )
## TODO: IPv6 address validation
NGX_IPV6_ADDRESSES=$(append_list "${NGX_IPV6_ADDRESSES}" "$i")
;;
* )
if ! is_ipv4_address "$i" ; then
log_always "invalid IPv4 address: $i"
continue
fi
NGX_IPV4_ADDRESSES=$(append_list "${NGX_IPV4_ADDRESSES}" "$i")
;;
esac

109
image-entry.d/06-resolver.envsh Executable file

@ -0,0 +1,109 @@
#!/bin/sh
unset _NGX_RESOLVER_STACK _NGX_RESOLVER_TIMEOUT
## here should be SANE defaults (!)
_NGX_RESOLVER_STACK=ipv4
_NGX_RESOLVER_TIMEOUT=10s
if [ -z "${NGX_RESOLVER_STACK:-}" ] ; then
NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK}
else
case "${NGX_RESOLVER_STACK}" in
[Ii][Pp][Vv]4 | [Vv]4 | 4 )
## adjust
NGX_RESOLVER_STACK=ipv4
;;
[Ii][Pp][Vv]6 | [Vv]6 | 6 )
## adjust
NGX_RESOLVER_STACK=ipv6
;;
[Dd][Uu][Aa][Ll] | [Aa][Ll][Ll] | [Aa][Nn][Yy] )
## adjust
NGX_RESOLVER_STACK=any
;;
[Nn][Oo][Nn][Ee] | 0 )
## adjust
NGX_RESOLVER_STACK=none
;;
* )
log_always "NGX_RESOLVER_STACK: unrecognized value: ${NGX_RESOLVER_STACK}"
log_always "setting NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK}"
NGX_RESOLVER_STACK=${_NGX_RESOLVER_STACK}
;;
esac
fi
export NGX_RESOLVER_STACK
if [ "${NGX_RESOLVER_STACK}" = 'none' ] ; then
unset NGX_RESOLV_CONF NGX_RESOLVER_TIMEOUT NGX_RESOLVERS
else
if [ -z "${NGX_RESOLVER_TIMEOUT:-}" ] ; then
NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT}
else
case "${NGX_RESOLVER_TIMEOUT}" in
[1-9] | [1-9][0-9] )
## convert implicit "seconds" to explicit
NGX_RESOLVER_TIMEOUT="${NGX_RESOLVER_TIMEOUT}s"
;;
[1-9]s | [1-9][0-9]s )
## pass
;;
[1-9]ms | [1-9][0-9]ms | [1-9][0-9][0-9]ms | [1-9][0-9][0-9][0-9]ms | [1-9][0-9][0-9][0-9][0-9]ms )
## pass
;;
* )
log_always "NGX_RESOLVER_TIMEOUT: unrecognized value: ${NGX_RESOLVER_TIMEOUT}"
log_always "setting NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT}"
NGX_RESOLVER_TIMEOUT=${_NGX_RESOLVER_TIMEOUT}
;;
esac
fi
export NGX_RESOLVER_TIMEOUT
unset _resolv_conf
while [ -z "${NGX_RESOLVERS+x}" ] ; do
_resolv_conf="${NGX_RESOLV_CONF-/etc/resolv.conf}"
[ -n "${_resolv_conf}" ] || break
[ -f "${_resolv_conf}" ] || break
[ -s "${_resolv_conf}" ] || break
unset i
while read -r i ; do
[ -n "$i" ] || continue
case "$i" in
## NB: /etc/resolv.conf allows (!) IPv6 addresses in dotted form (RFC 2373) but this is discouraged
*:* )
## TODO: IPv6 address validation
i="[$i]"
case "${NGX_RESOLVER_STACK}" in
ipv6 | any )
NGX_RESOLVERS=$(append_list "${NGX_RESOLVERS}" "$i")
;;
esac
;;
* )
if ! is_ipv4_address "$i" ; then
log_always "invalid IPv4 address: $i"
continue
fi
case "${NGX_RESOLVER_STACK}" in
ipv4 | any )
NGX_RESOLVERS=$(append_list "${NGX_RESOLVERS}" "$i")
;;
esac
;;
esac
done <<-EOF
$(mawk '$1 == "nameserver" {print $2}' < "${_resolv_conf}")
EOF
unset i
done
unset _resolv_conf
[ -z "${NGX_RESOLVERS}" ] || export NGX_RESOLVERS
fi
unset _NGX_RESOLVER_STACK _NGX_RESOLVER_TIMEOUT
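Review bot: The `while [ -z "${NGX_RESOLVERS+x}" ]` loop has no exit when the resolv.conf file exists and is non-empty but yields no usable nameserver. If every entry is dropped by the `NGX_RESOLVER_STACK` filter (for example only IPv6 nameservers with the default `ipv4`), fails `is_ipv4_address`, or the file has no `nameserver` lines, `NGX_RESOLVERS` stays unset and the loop re-reads the file forever, hanging container start. The body is meant to run once, so add an unconditional `break` after the final `unset i`, just before the outer `done`. Separately, a caller-supplied `NGX_RESOLVERS` skips this loop entirely and reaches the `resolver` directive in `resolver.j2m` without any of the address checks applied here; either validate it the same way or document it as trusted input.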


@ -9,62 +9,68 @@ unset _NGX_USER _NGX_GROUP
_NGX_USER=angie
_NGX_GROUP=angie
[ -n "${NGX_USER:-}" ] || NGX_USER=${_NGX_USER}
case "${NGX_USER}" in
"${_NGX_USER}" ) ;;
## numeric id - remap to name
[1-9]* )
_user_name=$(getent passwd "${NGX_USER}" | cut -d: -f1)
if [ -n "${_user_name}" ] ; then
NGX_USER=${_user_name}
else
log_always "NGX_USER: ID is not known in /etc/passwd: ${NGX_USER}"
log_always "setting NGX_USER=${_NGX_USER}"
NGX_USER=${_NGX_USER}
fi
unset _user_name
;;
* )
_user_name=$(getent passwd "${NGX_USER}" | cut -d: -f1)
if [ -n "${_user_name}" ] ; then
NGX_USER=${_user_name}
else
log_always "NGX_USER: name is not known in /etc/passwd: ${NGX_USER}"
log_always "setting NGX_USER=${_NGX_USER}"
NGX_USER=${_NGX_USER}
fi
unset _user_name
;;
esac
if [ -z "${NGX_USER:-}" ] ; then
NGX_USER=${_NGX_USER}
else
case "${NGX_USER}" in
"${_NGX_USER}" ) ;;
[1-9]* )
## numeric id - remap to name
_user_name=$(getent passwd "${NGX_USER}" | cut -d: -f1)
if [ -n "${_user_name}" ] ; then
NGX_USER=${_user_name}
else
log_always "NGX_USER: ID is not known in /etc/passwd: ${NGX_USER}"
log_always "setting NGX_USER=${_NGX_USER}"
NGX_USER=${_NGX_USER}
fi
unset _user_name
;;
* )
_user_name=$(getent passwd "${NGX_USER}" | cut -d: -f1)
if [ -n "${_user_name}" ] ; then
NGX_USER=${_user_name}
else
log_always "NGX_USER: name is not known in /etc/passwd: ${NGX_USER}"
log_always "setting NGX_USER=${_NGX_USER}"
NGX_USER=${_NGX_USER}
fi
unset _user_name
;;
esac
fi
export NGX_USER
[ -n "${NGX_GROUP:-}" ] || NGX_GROUP=${_NGX_GROUP}
case "${NGX_GROUP}" in
"${_NGX_GROUP}" ) ;;
## numeric id - remap to name
[1-9]* )
_group_name=$(getent group "${NGX_GROUP}" | cut -d: -f1)
if [ -n "${_group_name}" ] ; then
NGX_GROUP=${_group_name}
else
log_always "NGX_GROUP: ID is not known in /etc/group: ${NGX_GROUP}"
log_always "setting NGX_GROUP=${_NGX_GROUP}"
NGX_GROUP=${_NGX_GROUP}
fi
unset _group_name
;;
* )
_group_name=$(getent group "${NGX_GROUP}" | cut -d: -f1)
if [ -n "${_group_name}" ] ; then
NGX_GROUP=${_group_name}
else
log_always "NGX_GROUP: name is not known in /etc/group: ${NGX_GROUP}"
log_always "setting NGX_GROUP=${_NGX_GROUP}"
NGX_GROUP=${_NGX_GROUP}
fi
unset _group_name
;;
esac
export NGX_USER NGX_GROUP
if [ -z "${NGX_GROUP:-}" ] ; then
NGX_GROUP=${_NGX_GROUP}
else
case "${NGX_GROUP}" in
"${_NGX_GROUP}" ) ;;
[1-9]* )
## numeric id - remap to name
_group_name=$(getent group "${NGX_GROUP}" | cut -d: -f1)
if [ -n "${_group_name}" ] ; then
NGX_GROUP=${_group_name}
else
log_always "NGX_GROUP: ID is not known in /etc/group: ${NGX_GROUP}"
log_always "setting NGX_GROUP=${_NGX_GROUP}"
NGX_GROUP=${_NGX_GROUP}
fi
unset _group_name
;;
* )
_group_name=$(getent group "${NGX_GROUP}" | cut -d: -f1)
if [ -n "${_group_name}" ] ; then
NGX_GROUP=${_group_name}
else
log_always "NGX_GROUP: name is not known in /etc/group: ${NGX_GROUP}"
log_always "setting NGX_GROUP=${_NGX_GROUP}"
NGX_GROUP=${_NGX_GROUP}
fi
unset _group_name
;;
esac
fi
export NGX_GROUP
unset _NGX_USER _NGX_GROUP


@ -6,59 +6,65 @@ _NGX_WORKER_PROCESSES=2
_NGX_WORKER_PRIORITY=0
_NGX_WORKER_RLIMIT_NOFILE=16384
_NGX_WORKER_CONNECTIONS=4096
_NGX_WORKER_AIO_REQUESTS=64
_NGX_WORKER_AIO_REQUESTS=32
[ -n "${NGX_WORKER_PROCESSES:-}" ] || NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
case "${NGX_WORKER_PROCESSES}" in
## allow values within [1;999]
[1-9] | [1-9][0-9] | [1-9][0-9][0-9] ) ;;
[Aa][Uu][Tt][Oo] )
## adjust
NGX_WORKER_PROCESSES=auto
log_always "NGX_WORKER_PROCESSES: \"auto\" isn't supported by container yet"
log_always "offloading decision to Angie (this could be a problem!)"
;;
0 )
log_always "NGX_WORKER_PROCESSES: \"0\" isn't supported by container yet"
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
if [ -z "${NGX_WORKER_PROCESSES:-}" ] ; then
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
;;
* )
log_always "NGX_WORKER_PROCESSES: unrecognized value: ${NGX_WORKER_PROCESSES}"
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
;;
esac
else
case "${NGX_WORKER_PROCESSES}" in
## allow values within [1;999]
[1-9] | [1-9][0-9] | [1-9][0-9][0-9] ) ;;
[Aa][Uu][Tt][Oo] )
## adjust
NGX_WORKER_PROCESSES=auto
log_always "NGX_WORKER_PROCESSES: \"auto\" isn't supported by container yet"
log_always "offloading decision to Angie (this could be a problem!)"
;;
0 )
log_always "NGX_WORKER_PROCESSES: \"0\" isn't supported by container yet"
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
;;
* )
log_always "NGX_WORKER_PROCESSES: unrecognized value: ${NGX_WORKER_PROCESSES}"
log_always "setting NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}"
NGX_WORKER_PROCESSES=${_NGX_WORKER_PROCESSES}
;;
esac
fi
export NGX_WORKER_PROCESSES
if [ -z "${NGX_WORKER_CPU_AFFINITY:-}" ] ; then
unset NGX_WORKER_CPU_AFFINITY
else
## offload handling to Angie
## let Angie handle this
set -a
NGX_WORKER_CPU_AFFINITY=$(normalize_list "${NGX_WORKER_CPU_AFFINITY}")
set +a
fi
[ -n "${NGX_WORKER_CONNECTIONS:-}" ] || NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
case "${NGX_WORKER_CONNECTIONS}" in
[0-9] | [1-9][0-9] )
log_always "NGX_WORKER_CONNECTIONS: too low: ${NGX_WORKER_CONNECTIONS}"
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
if [ -z "${NGX_WORKER_CONNECTIONS:-}" ] ; then
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
;;
## allow values within [100;9999999]
[1-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9][0-9][0-9][0-9] ) ;;
* )
log_always "NGX_WORKER_CONNECTIONS: unrecognized value: ${NGX_WORKER_CONNECTIONS}"
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
;;
esac
else
case "${NGX_WORKER_CONNECTIONS}" in
[0-9] | [1-9][0-9] )
log_always "NGX_WORKER_CONNECTIONS: too low: ${NGX_WORKER_CONNECTIONS}"
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
;;
## allow values within [100;9999999]
[1-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9][0-9][0-9] ) ;;
[1-9][0-9][0-9][0-9][0-9][0-9][0-9] ) ;;
* )
log_always "NGX_WORKER_CONNECTIONS: unrecognized value: ${NGX_WORKER_CONNECTIONS}"
log_always "setting NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}"
NGX_WORKER_CONNECTIONS=${_NGX_WORKER_CONNECTIONS}
;;
esac
fi
export NGX_WORKER_CONNECTIONS
if [ -z "${NGX_WORKER_PRIORITY:-}" ] ; then
@ -181,11 +187,14 @@ else
fi
if [ ${nofile_limit} -lt ${NGX_WORKER_CONNECTIONS} ] ; then
log_always "WARNING: ${nofile_kind} is less than NGX_WORKER_CONNECTIONS (${nofile_limit} < ${NGX_WORKER_CONNECTIONS})"
log_always "NGX_WORKER_CONNECTIONS is recommended to be at least twice larger than ${nofile_kind}"
else
unset ratio
ratio=$(float_div "${nofile_limit}" "${NGX_WORKER_CONNECTIONS}")
case "${ratio}" in
1 | 1.* )
log_always "WARNING: \"${nofile_kind}/NGX_WORKER_CONNECTIONS\" ratio is too low (=${ratio})"
log_always "NGX_WORKER_CONNECTIONS is recommended to be at least twice larger than ${nofile_kind}"
;;
esac
unset ratio
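Review bot: Both recommendation messages in the last hunk state the relation backwards. The warnings fire when `${nofile_limit}` is below `NGX_WORKER_CONNECTIONS`, or when `nofile_limit / NGX_WORKER_CONNECTIONS` is `1` or `1.*`, so it is the file-descriptor limit that should be at least twice the connection count. An operator following the text as written would raise `NGX_WORKER_CONNECTIONS` and make descriptor exhaustion more likely. Suggested wording for both lines: `log_always "${nofile_kind} is recommended to be at least twice as large as NGX_WORKER_CONNECTIONS"`. The enclosing `if` starts outside the hunk.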


@ -5,35 +5,11 @@ if [ "${NGX_HTTP}" = 0 ] ; then
else
NGX_HTTP_NO_PROXY=$(gobool_to_int "${NGX_HTTP_NO_PROXY:-0}" 0)
export NGX_HTTP_NO_PROXY
if [ "${NGX_HTTP_NO_PROXY}" = 0 ] ; then
NGX_HTTP_CONFLOAD=$(append_list "${NGX_HTTP_CONFLOAD}" proxy)
fi
unset http_modules http_confload
http_modules=
http_confload="${NGX_HTTP_CONFLOAD:-}"
if [ -n "${NGX_HTTP_MODULES}" ] ; then
## angie-module-lua: depends on angie-module-ndk
## angie-module-set-misc: depends on angie-module-ndk
# unset want_ndk
# want_ndk=0
# if list_have_item "${NGX_HTTP_MODULES}" lua ; then
# want_ndk=1
# elif list_have_item "${NGX_HTTP_MODULES}" set-misc ; then
# want_ndk=1
# fi
# if [ ${want_ndk} = 1 ] ; then
# NGX_HTTP_MODULES=$(prepend_list "${NGX_HTTP_MODULES}" ndk)
# fi
# unset want_ndk
NGX_HTTP_MODULES=$(
printf '%s' "${NGX_HTTP_MODULES}" \
| sed -zE 's/(\s|^)(lua|set-misc)(\s|$)/\1ndk \2\3/g'
)
fi
## filter out builtin http modules
unset i
for i in ${NGX_HTTP_MODULES:-} ; do
@ -62,17 +38,30 @@ else
done
unset i
if [ "${NGX_HTTP_NO_PROXY}" = 0 ] ; then
http_confload="${http_confload} proxy"
fi
## grpc depends on http/2
if list_have_item "${NGX_HTTP_CONFLOAD}" grpc ; then
unset want_http2
want_http2=0
if ! list_have_item "${NGX_HTTP_CONFLOAD}" v2 ; then
want_http2=1
if list_have_item "${http_confload}" grpc ; then
http_confload="${http_confload} v2"
fi
## angie-module-lua: depends on angie-module-ndk
## angie-module-set-misc: depends on angie-module-ndk
if [ -n "${http_modules:-}" ] ; then
unset want_ndk
want_ndk=0
if list_have_item "${http_modules}" lua ; then
want_ndk=1
elif list_have_item "${http_modules}" set-misc ; then
want_ndk=1
fi
if [ "${want_http2}" = 1 ] ; then
NGX_HTTP_CONFLOAD=$(append_list "${NGX_HTTP_CONFLOAD}" v2)
if [ ${want_ndk} = 1 ] ; then
## forcefully move 'ndk' to beginning of list
http_modules=$(printf '%s' " ${http_modules} " | sed -zE 's/ ndk / /;s/^/ndk/;s/ $//')
fi
unset want_http2
unset want_ndk
fi
set -a
@ -85,20 +74,19 @@ else
## quirk: angie-module-modsecurity
unset NGX_HTTP_WITH_MODSECURITY
NGX_HTTP_WITH_MODSECURITY=0
while : ; do
if ! list_have_item "${NGX_HTTP_MODULES}" modsecurity ; then
break
fi
if list_have_item "${NGX_HTTP_MODULES}" modsecurity ; then
unset d f
for d in /angie/modules /etc/angie/modules /etc/angie/modules.dist ; do
[ -d "$d" ] || continue
[ -f "$d/ngx_http_modsecurity_module.so" ] || continue
if ! [ -h "$d/ngx_http_modsecurity_module.so" ] ; then
f="$d/ngx_http_modsecurity_module.so"
[ -f "$f" ] || continue
if ! [ -h "$f" ] ; then
NGX_HTTP_WITH_MODSECURITY=1
break
fi
done ; unset d
break ; done
done
unset d f
fi
export NGX_HTTP_WITH_MODSECURITY
if [ "${NGX_HTTP_WITH_MODSECURITY}" = 1 ] ; then
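Review bot: The grpc dependency branch now appends `v2` to `http_confload` unconditionally, whereas the code it replaces first checked `list_have_item "${NGX_HTTP_CONFLOAD}" v2`. The same applies to the `proxy` append. Unless `http_confload` is deduplicated further down (not visible in these hunks), a user who lists both `grpc` and `v2` gets `v2` twice, which may load the same snippet twice. Keeping the guard is cheap: `list_have_item "${http_confload}" v2 || http_confload="${http_confload} v2"`. Also note that `list_have_item` matches on single spaces only, so `http_confload` should be passed through `normalize_list` before these checks if `NGX_HTTP_CONFLOAD` can contain tabs or repeated spaces.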


@ -25,31 +25,34 @@ else
NGX_HTTP_X_FORWARDED=remove
fi
[ -n "${NGX_HTTP_X_FORWARDED:-}" ] || NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
case "${NGX_HTTP_X_FORWARDED}" in
[Pp][Aa][Ss][Ss] )
## adjust
NGX_HTTP_X_FORWARDED=pass
;;
[Rr][Ee][Mm][Oo][Vv][Ee] )
## adjust
NGX_HTTP_X_FORWARDED=remove
;;
* )
unset x
x=$(gobool_to_int "${NGX_HTTP_X_FORWARDED}")
case "$x" in
0 ) NGX_HTTP_X_FORWARDED=remove ;;
1 ) NGX_HTTP_X_FORWARDED=pass ;;
if [ -z "${NGX_HTTP_X_FORWARDED:-}" ] ; then
NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
else
case "${NGX_HTTP_X_FORWARDED}" in
[Pp][Aa][Ss][Ss] )
## adjust
NGX_HTTP_X_FORWARDED=pass
;;
[Rr][Ee][Mm][Oo][Vv][Ee] )
## adjust
NGX_HTTP_X_FORWARDED=remove
;;
* )
log_always "NGX_HTTP_X_FORWARDED: unrecognized value: ${NGX_HTTP_X_FORWARDED}"
log_always "setting NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}"
NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
unset x
x=$(gobool_to_int "${NGX_HTTP_X_FORWARDED}")
case "$x" in
0 ) NGX_HTTP_X_FORWARDED=remove ;;
1 ) NGX_HTTP_X_FORWARDED=pass ;;
* )
log_always "NGX_HTTP_X_FORWARDED: unrecognized value: ${NGX_HTTP_X_FORWARDED}"
log_always "setting NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}"
NGX_HTTP_X_FORWARDED=${_NGX_HTTP_X_FORWARDED}
;;
esac
unset x
;;
esac
unset x
;;
esac
fi
export NGX_HTTP_X_FORWARDED
unset _NGX_HTTP_FAKE_UA _NGX_HTTP_X_FORWARDED


@ -41,7 +41,7 @@ else
fi <<-EOF
$(
set +e
cat /proc/self/environ \
cat /proc/$$/environ \
| sed -zEn '/^([^=]+).*$/s//\1/p' \
| xargs -0r printf '%q\n' \
| {
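Review bot: Reading `/proc/$$/environ` instead of `/proc/self/environ` changes which environment is inspected, not just which PID. `/proc/self/environ` opened by `cat` is the child's environment, i.e. everything the shell has exported up to this point, while `/proc/$$/environ` is the shell's environment as it was at exec time and does not reflect later `export` or `unset`. If the intent is to list variables exported by earlier entrypoint steps, they will be missing here, and variables unset since start-up will still appear. The same substitution is made in `have_envvar` and in the envsubst helper's leading `sed -znE`. If the start-up snapshot is what is wanted, a comment such as `## NB: initial environment of the entrypoint shell, later exports are not visible` would make that explicit. The pipeline continues outside this hunk.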


@ -2,4 +2,4 @@ jinja2==3.1.4
netaddr==1.3.0
psutil==6.0.0
pyyaml==6.0.2
wcmatch==9.0
wcmatch==10.0


@ -23,24 +23,28 @@ find /var/cache/debconf/ ! -type d -wholename '/var/cache/debconf/*-old' -delete
__t=$(mktemp) ; : "${__t:?}"
debconf_trim_i18n() {
mawk 'BEGIN { m = 0 }
$0 == "" { print }
/^[^[:space:]]/ {
if ($1 ~ "\.[Uu][Tt][Ff]-?8:") { m = 1; next; }
m = 0; print $0;
}
/^[[:space:]]/ {
if (m == 1) next;
print $0;
}' < "$1" > "${__t}"
cat < "${__t}" > "$1"
mawk 'BEGIN { m = 0; }
$0 == "" { print; }
/^[^[:space:]]/ {
if ($1 ~ "\.[Uu][Tt][Ff]-?8:") {
m = 1;
next;
}
m = 0;
print $0;
}
/^[[:space:]]/ {
if (m == 1) next;
print $0;
}' < "$1" > "${__t}"
cat < "${__t}" > "$1"
}
debconf_trim_i18n /var/cache/debconf/templates.dat
while read -r tmpl ; do
[ -n "${tmpl}" ] || continue
[ -s "${tmpl}" ] || continue
debconf_trim_i18n "${tmpl}"
[ -n "${tmpl}" ] || continue
[ -s "${tmpl}" ] || continue
debconf_trim_i18n "${tmpl}"
done <<EOF
$(find "${DPKG_ADMINDIR}/info/" -type f -name '*.templates' | sort -V)
EOF


@ -37,16 +37,15 @@ normalize_list() {
[ -n "$1" ] || return 0
printf '%s' "$1" \
| tr -s '[:space:]' ' ' \
| sed -zE 's/^ //;s/ $//'
| sed -zE 's/[[:space:]]+/ /g;s/^ //;s/ $//'
}
sort_dedup_list() {
[ -n "$1" ] || return 0
printf '%s' "$1" \
| tr -s '[:space:]' '\n' | sort -uV | paste -sd ' ' \
| sed -zE 's/^\s+//;s/\s+$//'
| tr -s '[:space:]' '\n' | sort -uV \
| sed -zE 's/[[:space:]]+/ /g;s/^ //;s/ $//'
}
pkgs=$(sort_dedup_list "${pkgs}")


@ -22,8 +22,9 @@ _apt_update() {
}
_dpkg_avail_hack() {
: "${DPKG_ADMINDIR:=/var/lib/dpkg}"
VERSION_CODENAME=$(. /etc/os-release ; printf '%s' "${VERSION_CODENAME}") || :
f="${DPKG_ADMINDIR:-/var/lib/dpkg}/available"
f="${DPKG_ADMINDIR}/available"
# if ${VERSION_CODENAME} is empty then we're on Debian sid or so :)
case "${VERSION_CODENAME}" in
stretch | buster | bionic | focal )
@ -31,7 +32,7 @@ _dpkg_avail_hack() {
if [ -s "$f" ] ; then
return
fi
/usr/lib/dpkg/methods/apt/update "${DPKG_ADMINDIR:-/var/lib/dpkg}" apt apt
/usr/lib/dpkg/methods/apt/update "${DPKG_ADMINDIR}" apt apt
;;
* )
touch "$f"


@ -1,19 +1,17 @@
#!/bin/sh
set -f
sed -znE '/^([^=]+)=.*$/s,,\1,p' /proc/self/environ \
sed -znE '/^([^=]+)=.*$/s,,\1,p' /proc/$$/environ \
| sed -zE \
-e '/^_$/d;/^ENVSUBST_/d;' \
-e '/^__IEP_/d;/^IEP_$/d' \
| {
if [ -n "${ENVSUBST_EXCLUDE_REGEX:-}" ] ; then
grep -zEv -e "${ENVSUBST_EXCLUDE_REGEX}"
elif [ -n "${ENVSUBST_INCLUDE_REGEX:-}" ] ; then
grep -zE -e "${ENVSUBST_INCLUDE_REGEX}"
else
if [ -n "${ENVSUBST_INCLUDE_REGEX:-}" ] ; then
grep -zE -e "${ENVSUBST_INCLUDE_REGEX}"
else
cat
fi
cat
fi
} \
| sort -zV \


@ -20,11 +20,16 @@ w_cleanup() {
}
bundle_offsets() {
awk '
BEGIN { OFS = "," ; i_begin = 0 ; }
$0 == "-----BEGIN CERTIFICATE-----" { i_begin = NR ; }
$0 == "-----END CERTIFICATE-----" { if (i_begin > 0) { print i_begin,NR ; i_begin = 0 ; } }
' "$1"
mawk 'BEGIN { OFS = ","; i_begin = 0; }
$0 == "-----BEGIN CERTIFICATE-----" {
i_begin = NR;
}
$0 == "-----END CERTIFICATE-----" {
if (i_begin > 0) {
print i_begin, NR;
i_begin = 0;
}
}' "$1"
}
bundle_fingerprints() {


@ -1,7 +1,9 @@
#!/bin/sh
set -f
for i ; do
find "$i/" -name __pycache__ -exec rm -rf {} +
find "$i/" ! -type d -name '*.py[co]' -exec rm -f {} +
[ -n "$i" ] || continue
[ -d "$i" ] || continue
find "$i/" -name __pycache__ -exec rm -rf {} +
find "$i/" ! -type d -name '*.py[co]' -exec rm -f {} +
done
exit 0


@ -1,52 +1,41 @@
#!/bin/sh
set -f
COMPRESS_MIN_RATIO=90
if command -V gzip >/dev/null ; then has_gzip=1 ; fi
if command -V brotli >/dev/null ; then has_brotli=1 ; fi
if command -V zstd >/dev/null ; then has_zstd=1 ; fi
do_gzip() { [ -s "$1.gz" ] || gzip -1kf "$1" ; comp_fixup "$1" "$1.gz" ; }
do_brotli() { [ -s "$1.br" ] || brotli -1kf "$1" ; comp_fixup "$1" "$1.br" ; }
do_zstd() { [ -s "$1.zst" ] || zstd -q1kf "$1" ; comp_fixup "$1" "$1.zst" ; }
do_gzip() { [ -s "$1.gz" ] || gzip -1kf "$1" || return ; comp_fixup "$1" "$1.gz" || rm -f "$1.gz" ; }
do_brotli() { [ -s "$1.br" ] || brotli -1kf "$1" || return ; comp_fixup "$1" "$1.br" || rm -f "$1.br" ; }
do_zstd() { [ -s "$1.zst" ] || zstd -q1kf "$1" || return ; comp_fixup "$1" "$1.zst" || rm -f "$1.zst" ; }
float_div() {
mawk -v "a=$1" -v "b=$2" 'BEGIN{print a/b;exit;}' </dev/null
}
comp_fixup() {
size1=$(env stat -c '%s' "$1") || return
[ -f "$1" ] || return 1
size1=$(env stat -Lc '%s' "$1") || return 1
[ -n "${size1}" ] || return 1
[ "${size1}" != 0 ] || return 1
[ -f "$2" ] || return
[ -s "$2" ] || { rm -f "$2" ; return ; }
size2=$(env stat -c '%s' "$2") || return
[ -f "$2" ] || return 1
size2=$(env stat -c '%s' "$2") || return 1
[ -n "${size2}" ] || return 1
[ "${size2}" != 0 ] || return 1
pow1=${#size1} ; pow2=${#size2}
ratio=$(float_div "${size2}" "${size1}") || return 1
case "${ratio}" in
[0-9]*e-[0-9]* )
## doubtful but okay (c) Oleg Tinkov
;;
0.[0-8]* | 0.90* )
## compression ratio below 90% is fine
;;
* ) return 1 ;;
esac
## if size2 is _longer_ than size1 - compression did something wrong (file is bigger)
if [ ${pow2} -gt ${pow1} ] ; then
rm -f "$2" ; return
fi
## if size1 is _longer_ size2 more than 2 digits - compression was done very successful
## doubtful but okay (c) Oleg Tinkov
if [ $(( pow1 - pow2 )) -gt 2 ] ; then
return
fi
## math hack!
if [ ${pow1} -gt 7 ] ; then
skew=$(( pow1 - 4 ))
pow1=$(( pow1 - skew ))
pow2=$(( pow2 - skew ))
size1=$(printf '%s' "${size1}" | cut -c 1-${pow1})
size2=$(printf '%s' "${size2}" | cut -c 1-${pow2})
fi
ratio=$(( (100 * size2) / size1 ))
if [ ${ratio} -ge ${COMPRESS_MIN_RATIO} ] ; then
rm -f "$2"
else
## seems to be excessive
: touch -r "$1" -m "$2"
fi
return 0
}
for i ; do