uwsgi-cgi: add package

2025-01-09 04:37:41 +08:00 · 2019-10-27 00:54:15 -07:00 · 2019-10-27 00:54:15 -07:00 · 27a1dc5b78
commit 27a1dc5b78
parent 3f1a0022aa
12 changed files with 292 additions and 0 deletions
--- a/net/uwsgi-cgi/Makefile
+++ b/net/uwsgi-cgi/Makefile
@ -0,0 +1,71 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=uwsgi-cgi
+PKG_VERSION:=2.0.18
+PKG_RELEASE:=4
+
+PKG_SOURCE_URL= \
+	https://projects.unbit.it/downloads \
+	https://codeload.github.com/unbit/uwsgi/tar.gz/$(PKG_VERSION)?
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=4972ac538800fb2d421027f49b4a1869b66048839507ccf0aa2fda792d99f583
+PKG_BUILD_DIR:=$(BUILD_DIR)/uwsgi-$(PKG_VERSION)
+
+PKG_LICENSE:=GPL-2.0-or-later
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Ansuel Smith <ansuelsmth@gmail.com>
+
+PKG_BUILD_DEPENDS:=python3/host
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/uwsgi-cgi
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Web Servers/Proxies
+  TITLE:=The uWSGI server
+  URL:=https://projects.unbit.it/uwsgi
+  DEPENDS:=+libcap +jansson +libuuid
+endef
+
+define Package/uwsgi-cgi-luci-support
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Web Servers/Proxies
+  TITLE:=Support files for LuCI on Nginx
+  DEPENDS:=+uwsgi-cgi
+endef
+
+define Package/uwsgi-cgi/description
+	The uWSGI project build with cgi profile
+endef
+
+MAKE_VARS+=\
+	CPP=$(TARGET_CROSS)cpp \
+	PYTHON=$(STAGING_DIR_HOSTPKG)/bin/python3
+
+define Build/Compile
+	$(call Build/Compile/Default,PROFILE=cgi)
+endef
+
+define Package/uwsgi-cgi/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/uwsgi $(1)/usr/sbin/
+
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/uwsgi.init $(1)/etc/init.d/uwsgi
+	
+	$(INSTALL_DIR) $(1)/etc/uwsgi
+	$(INSTALL_DATA) ./files/emperor.ini $(1)/etc/uwsgi/emperor.ini
+
+	$(INSTALL_DIR) $(1)/etc/uwsgi/vassals
+endef
+
+define Package/uwsgi-cgi-luci-support/install
+	$(INSTALL_DIR) $(1)/etc/uwsgi/vassals
+	$(INSTALL_DATA) ./files-luci-support/luci-webui.ini $(1)/etc/uwsgi/vassals/luci-webui.ini
+	$(INSTALL_DATA) ./files-luci-support/luci-cgi_io.ini $(1)/etc/uwsgi/vassals/luci-cgi_io.ini
+endef
+
+$(eval $(call BuildPackage,uwsgi-cgi))
+$(eval $(call BuildPackage,uwsgi-cgi-luci-support))
--- a/net/uwsgi-cgi/files-luci-support/luci-cgi_io.ini
+++ b/net/uwsgi-cgi/files-luci-support/luci-cgi_io.ini
@ -0,0 +1,22 @@
+[uwsgi]
+strict = true
+cgi-mode = true
+cgi = /www/
+buffer-size = 10000
+reload-mercy = 8
+max-requests = 2000
+limit-as = 200
+reload-on-as = 256
+reload-on-rss = 192
+no-orphans = true
+post-buffering = 8192
+socket-timeout = 120
+thunder-lock = true
+#logger = syslog:uwsgi-luci-cgi_io
+disable-logging = true
+chmod-socket = 666
+cgi-safe = /usr/libexec/cgi-io
+cgi-dontresolve = true
+cgi-close-stdin-on-eof = true
+cheap = true
+idle = 360
--- a/net/uwsgi-cgi/files-luci-support/luci-webui.ini
+++ b/net/uwsgi-cgi/files-luci-support/luci-webui.ini
@ -0,0 +1,28 @@
+[uwsgi]
+strict = true
+cgi-mode = true
+cgi = /www/
+chdir = /usr/lib/lua/luci/
+buffer-size = 10000
+reload-mercy = 8
+max-requests = 2000
+limit-as = 200
+reload-on-as = 256
+reload-on-rss = 192
+enable-threads = true
+post-buffering = 8192
+socket-timeout = 120
+thunder-lock = true
+#logger = syslog:uwsgi-luci
+disable-logging = true
+log-format = %(addr) %(method) %(uri) => generated %(rsize) bytes in %(msecs) msecs
+threads = 3
+processes = 3
+chmod-socket = 666
+cheap = true
+cheaper-algo = spare
+cheaper = 1
+cheaper-initial = 2
+cheaper-step = 1
+master = true
+idle = 360
--- a/net/uwsgi-cgi/files/emperor.ini
+++ b/net/uwsgi-cgi/files/emperor.ini
@ -0,0 +1,10 @@
+[uwsgi]
+strict = true
+pidfile	= /var/run/uwsgi.pid
+emperor = /etc/uwsgi/vassals/*.ini
+logger = syslog:uwsgi-emperor
+vacuum = true
+emperor-on-demand-directory = /var/run/
+emperor-required-heartbeat = 99
+vassal-set = die-on-idle=true
+#disable-logging = true
--- a/net/uwsgi-cgi/files/uwsgi.init
+++ b/net/uwsgi-cgi/files/uwsgi.init
@ -0,0 +1,13 @@
+#!/bin/sh /etc/rc.common
+
+START=79
+USE_PROCD=1
+
+start_service() {
+	procd_open_instance
+	procd_set_param command /usr/sbin/uwsgi --ini /etc/uwsgi/emperor.ini
+	procd_set_param file /etc/uwsgi/emperor.ini
+	procd_set_param respawn
+	procd_close_instance
+}
+
--- a/net/uwsgi-cgi/patches/001-remove-unused-deps.patch
+++ b/net/uwsgi-cgi/patches/001-remove-unused-deps.patch
@ -0,0 +1,17 @@
+--- a/buildconf/base.ini
+++ b/buildconf/base.ini
+@@ -1,9 +1,9 @@
+ [uwsgi]
+-xml = auto
+-yaml = true
+-json = auto
+-ssl = auto
+-pcre = auto
+xml = false
+yaml = embedded
+json = jansson
+ssl = false
+pcre = false
+ routing = auto
+ debug = false
+ unbit = false
--- a/net/uwsgi-cgi/patches/002-dont-hardcode-zlib.patch
+++ b/net/uwsgi-cgi/patches/002-dont-hardcode-zlib.patch
@ -0,0 +1,19 @@
+--- a/uwsgiconfig.py
+++ b/uwsgiconfig.py
+@@ -851,11 +851,11 @@ class uConf(object):
+                 self.cflags.append('-DUWSGI_HAS_EXECINFO')
+                 report['execinfo'] = True
+ 
+-        if self.has_include('zlib.h'):
+-            self.cflags.append('-DUWSGI_ZLIB')
+-            self.libs.append('-lz')
+-            self.gcc_list.append('core/zlib')
+-            report['zlib'] = True
+#        if self.has_include('zlib.h'):
+#            self.cflags.append('-DUWSGI_ZLIB')
+#            self.libs.append('-lz')
+#            self.gcc_list.append('core/zlib')
+            report['zlib'] = False
+ 
+         if uwsgi_os == 'OpenBSD':
+             try:
--- a/net/uwsgi-cgi/patches/003-dont-override-toolchain-optimization.patch
+++ b/net/uwsgi-cgi/patches/003-dont-override-toolchain-optimization.patch
@ -0,0 +1,11 @@
+--- a/uwsgiconfig.py
+++ b/uwsgiconfig.py
+@@ -680,7 +680,7 @@ class uConf(object):
+             self.include_path += os.environ['UWSGI_INCLUDES'].split(',')
+ 
+ 
+-        self.cflags = ['-O2', '-I.', '-Wall', '-D_LARGEFILE_SOURCE', '-D_FILE_OFFSET_BITS=64'] + os.environ.get("CFLAGS", "").split() + self.get('cflags','').split()
+        self.cflags = ['-I.', '-Wall', '-D_LARGEFILE_SOURCE', '-D_FILE_OFFSET_BITS=64'] + os.environ.get("CFLAGS", "").split() + self.get('cflags','').split()
+ 
+         report['kernel'] = uwsgi_os
+ 
--- a/net/uwsgi-cgi/patches/004-hard-code-Linux-as-compilation-os.patch
+++ b/net/uwsgi-cgi/patches/004-hard-code-Linux-as-compilation-os.patch
@ -0,0 +1,15 @@
+--- a/uwsgiconfig.py
+++ b/uwsgiconfig.py
+@@ -5,9 +5,9 @@
+ import os
+ import re
+ import time
+-uwsgi_os = os.uname()[0]
+-uwsgi_os_k = re.split('[-+_]', os.uname()[2])[0]
+-uwsgi_os_v = os.uname()[3]
+uwsgi_os = "Linux"
+uwsgi_os_k = "4.4.0"
+uwsgi_os_v = "Linux"
+ uwsgi_cpu = os.uname()[4]
+ 
+ import sys
--- a/net/uwsgi-cgi/patches/010-uclibc-ng.patch
+++ b/net/uwsgi-cgi/patches/010-uclibc-ng.patch
@ -0,0 +1,11 @@
+--- a/core/uwsgi.c
+++ b/core/uwsgi.c
+@@ -1820,7 +1820,7 @@ void uwsgi_plugins_atexit(void) {
+ 
+ void uwsgi_backtrace(int depth) {
+ 
+-#if defined(__GLIBC__) || (defined(__APPLE__) && !defined(NO_EXECINFO)) || defined(UWSGI_HAS_EXECINFO)
+#if (!defined(__UCLIBC__) && defined(__GLIBC__)) || (defined(__APPLE__) && !defined(NO_EXECINFO)) || defined(UWSGI_HAS_EXECINFO)
+ 
+ #include <execinfo.h>
+ 
--- a/net/uwsgi-cgi/patches/020-uwsgiconfig-system-python3.patch
+++ b/net/uwsgi-cgi/patches/020-uwsgiconfig-system-python3.patch
@ -0,0 +1,10 @@
+Index: uwsgi-2.0.18/Makefile
+===================================================================
+--- uwsgi-2.0.18.orig/Makefile
+++ uwsgi-2.0.18/Makefile
+@@ -1,4 +1,4 @@
+-PYTHON := python
+PYTHON ?= python3
+ 
+ all:
+ 	$(PYTHON) uwsgiconfig.py --build $(PROFILE)
--- a/net/uwsgi-cgi/patches/030-plugins-cgi_adds_dontresolve_option.patch
+++ b/net/uwsgi-cgi/patches/030-plugins-cgi_adds_dontresolve_option.patch
@ -0,0 +1,65 @@
+From f259999d824b921a8a443e73d8c2b9e2d2170413 Mon Sep 17 00:00:00 2001
+From: Ansuel Smith <ansuelsmth@gmail.com>
+Date: Tue, 8 Oct 2019 02:10:43 +0200
+Subject: [PATCH] plugins/cgi: adds dontresolve option
+
+This option permit to call the simbolic link instead of the file the simbolic link points.
+All the security check are still done as the simbolic path is passed at the end after all the checks are passed. This is useful if some cgi app are used for multiple function based on the name they are called by.
+
+Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
+---
+ plugins/cgi/cgi_plugin.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/plugins/cgi/cgi_plugin.c b/plugins/cgi/cgi_plugin.c
+index d032db17c..30e1cc528 100644
+--- a/plugins/cgi/cgi_plugin.c
+++ b/plugins/cgi/cgi_plugin.c
+@@ -15,6 +15,7 @@ struct uwsgi_cgi {
+ 	struct uwsgi_string_list *loadlib;
+ 	struct uwsgi_string_list *cgi_safe;
+ 	int optimize;
+	int dontresolve;
+ 	int from_docroot;
+ 	int has_mountpoints;
+ 	struct uwsgi_dyn_dict *default_cgi;
+@@ -75,6 +76,8 @@ struct uwsgi_option uwsgi_cgi_options[] = {
+ 
+         {"cgi-safe", required_argument, 0, "skip security checks if the cgi file is under the specified path", uwsgi_opt_add_string_list, &uc.cgi_safe, 0},
+ 
+        {"cgi-dontresolve", no_argument, 0 , "call symbolic link directly instead of the real path", uwsgi_opt_true,&uc.dontresolve, 0},
+
+         {0, 0, 0, 0, 0, 0, 0},
+ 
+ };
+@@ -475,6 +478,7 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) {
+ 
+ 	char full_path[PATH_MAX];
+ 	char tmp_path[PATH_MAX];
+	char symbolic_path[PATH_MAX];
+ 	struct stat cgi_stat;
+ 	int need_free = 0;
+ 	int is_a_file = 0;
+@@ -533,6 +537,10 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) {
+ 			uwsgi_404(wsgi_req);
+ 			return UWSGI_OK;
+ 		}
+		if (uc.dontresolve) {
+			full_path_len = strlen(full_path);
+			memcpy(symbolic_path, full_path, full_path_len+1);
+		}
+ 
+ 		full_path_len = strlen(tmp_path);
+ 		// add +1 to copy the null byte
+@@ -639,6 +647,11 @@ static int uwsgi_cgi_request(struct wsgi_request *wsgi_req) {
+ 		}
+ 	}
+ 
+	if (uc.dontresolve) {
+		full_path_len = strlen(symbolic_path);
+		memcpy(full_path, symbolic_path, full_path_len+1);
+	}
+
+ 	int ret = uwsgi_cgi_run(wsgi_req, docroot, docroot_len, full_path, helper, path_info, script_name, is_a_file, discard_base);
+ 	if (need_free) free(docroot);
+ 	return ret;