使用rpmbuild制作Nginx的RPM包

作者: 王奥OX | 来源:发表于2019-01-16 15:40 被阅读72次

RHEL/CentOS安装EPEL/Remi扩展仓库配置小结
使用rpmbuild制作Nginx的RPM包
rpmbuild制作rpm 包
rpm包制作
prometheus监控节点node_exporter rpm包
Nginx-http服务的常用配置
使用 rpmbuild 制作 rmp 包
Spec文件参数简述
制作RPM包
2. Nginx的目录与配置语法之安装目录

image

前言

题图为RPM包制作原理图，有时候为了方便源码包的安装，和我们自己订制软件包的需求，我们会把一些源码包按照我们的需求来做成 rpm 包，当有了源码包就可以直接编译得到二进制安装包和其他任意包。spec file 是制作 rpm 包最核心的部分，rpm 包的制作就是根据 spec file 来实现的。在制作自定义 rpm 包的时候最好不要使用管理员进行, 因为管理员权限过大，如果一个命令写错了，结果可能是灾难性的，而制件一个 rpm 包普通用户完全可以实现。本文主要介绍使用rpmbuild制作Nginx的RPM包，大部分步骤已经使用Bash Shell自动化完成了，大家可以基于此重新定义。

使用rpmbuild制作Nginx的RPM包

更新历史

2019年01月16日 - 初稿

阅读原文 - https://wsgzao.github.io/post/rpmbuild/

扩展阅读

Creating RPM packages - https://docs.fedoraproject.org/en-US/quick-docs/creating-rpm-packages/index.html
How to create a GNU Hello RPM - https://fedoraproject.org/wiki/How_to_create_a_GNU_Hello_RPM_package/zh-cn
使用 rpm-build 制作 nginx 的 rpm 包 - http://blog.51cto.com/nmshuishui/1583117

什么是RPM

An RPM package is simply a file containing other files and information about them needed by the system. Specifically, an RPM package consists of the cpio archive, which contains the files, and the RPM header, which contains metadata about the package. The rpm package manager uses this metadata to determine dependencies, where to install files, and other information.

There are two types of RPM packages:

source RPM (SRPM)
binary RPM

SRPMs and binary RPMs share the file format and tooling, but have different contents and serve different purposes. An SRPM contains source code, optionally patches to it, and a SPEC file, which describes how to build the source code into a binary RPM. A binary RPM contains the binaries built from the sources and patches.

RPM 有五种基本的操作功能：安装、卸载、升级、查询和验证。

Linux 软件包分为两大类：

二进制类包，包括 rpm 安装包（一般分为 i386 和 x86 等几种）
源码类包，源码包和开发包应该归位此类（.src.rpm）

在 Redhat 下，rpm 包的默认制作路径在 /usr/src/redhat 下，这其中包含了 6 个目录（要求全部大写）。但 Centos 并没有该目录，因此我们不得不自定义工作车间，即使在 Redhat 下有该目录，一般也是自定义到普通用户的家目录下的

Directory	Usage
BUILD	源代码解压以后放的位置，只需提供BUILD目录，具体里面放什么，不用我们管，所以真正的制作车间是BUILD目录
RPMS	制作完成后的rpm包存放目录，为特定平台指定子目录（i386,i686,ppc）
SOURCES	收集的源文件，源材料，补丁文件等存放位置
SPECS	存放spec文件，作为制作rpm包的领岗文件，以 rpm名.spec
SRPMS	src格式的rpm包位置，既然是src格式的包，就没有平台的概念了
BuiltRoot	假根，使用install临时安装到这个目录，把这个目录当作根来用的，所以在这个目录下的目录文件，才是真正的目录文件。当打包完成后，在清理阶段，这个目录将被删除

更详细的介绍可以参考 RPM Packaging Guide

https://rpm-packaging-guide.github.io/

制作 rpm 包

如果你只关心如何使用可以直接跳过看下文，这里主要暂时代码和配置文件

build shell

# luajit.sh
LUAVER=2.0.5
WKDIR="/root/rpmbuild/SOURCES"
cd $WKDIR
wget http://luajit.org/download/LuaJIT-$LUAVER.tar.gz
tar zxf LuaJIT-$LUAVER.tar.gz
rm LuaJIT-$LUAVER.tar.gz
cd LuaJIT-$LUAVER
make BUILDMODE=static
make install
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0

# build.sh
NGX_VER=1.14.1
WKDIR="/root/rpmbuild/SOURCES"
CURRENTDIR=`dirname $(readlink -f "$0")`
echo $CURRENTDIR
export LUAJIT_LIB=/usr/local/lib
export LUAJIT_INC=/usr/local/include/luajit-2.0
cd $WKDIR
wget http://nginx.org/download/nginx-$NGX_VER.tar.gz
tar xzf nginx-$NGX_VER.tar.gz
rm nginx-$NGX_VER.tar.gz
mv nginx-$NGX_VER nginx-garena-$NGX_VER
cd nginx-garena-$NGX_VER/

mkdir -p contrib
cd contrib/
git clone git://github.com/bigplum/Nginx-limit-traffic-rate-module.git
git clone git://github.com/agentzh/headers-more-nginx-module.git
#git clone git://github.com/gnosek/nginx-upstream-fair.git
git clone git://github.com/agentzh/echo-nginx-module.git
#git clone git://github.com/arut/nginx-dav-ext-module.git
git clone git://github.com/r10r/ngx_http_auth_pam_module.git
git clone git://github.com/FRiCKLE/ngx_cache_purge.git
git clone git://github.com/simpl/ngx_devel_kit.git
git clone git://github.com/openresty/lua-nginx-module.git
git clone git://github.com/nbs-system/naxsi.git
rm -rf */.git
cd ..

cp -r $CURRENTDIR/nginx-template/* $WKDIR/nginx-garena-$NGX_VER/
cp $CURRENTDIR/nginx-spec /root/rpmbuild/SPECS/
#cp /root/rules $WKDIR/nginx-garena-$NGX_VER/debian/
cd $WKDIR
tar zcf nginx-garena-$NGX_VER.tar.gz nginx-garena-$NGX_VER/
cd /root/rpmbuild/SPECS/
rpmbuild -ba nginx-spec
cd /root/rpmbuild/RPMS/noarch

nginx-spec

# 1.The introduction section 
Name: nginx-garena                                      # 软件包名称
Version: 1.14.1                                         # 版本号
Release: 0                                              # release号
Summary: nginx garena rpm                               # 简要描述信息
Source0: nginx-garena-1.14.1.tar.gz                     # source主要是引用一下自己定义好的脚本，配置文件之类的内容
License: GPL                                            # 一定带上（最好是对方源码包的License）BSD，GPL，GPLv2
Group: Rahul                                            # 要全用这里面的一个组：less /usr/share/doc/rpm-version/GROUPS
BuildArch: noarch               
BuildRoot: %{_tmppath}/%{name}-buildroot                
%description                                            # 软件包详述
Garena self-build Nginx.
%define _binaries_in_noarch_packages_terminate_build   0

# 2.The Prep section 准备阶段,主要就是把源码包解压到build目录下，设置一下环境变量，并cd进去
%prep
%setup -q %{name}-%{version}                            # 这个宏的作用静默模式解压并cd

# 3.The Build Section 编译制作阶段，这一节主要用于编译源码
%build
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr/share/nginx/ \
                    --sbin-path=/usr/sbin/nginx \
                    --conf-path=/etc/nginx/nginx.conf \
                    --error-log-path=/var/log/nginx/error.log \
                    --http-log-path=/var/log/nginx/access.log \
                    --pid-path=/var/run/nginx.pid \
                    --lock-path=/var/lock/nginx.lock \
                    --http-client-body-temp-path=/var/lib/nginx/body \
                    --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
                    --http-proxy-temp-path=/var/lib/nginx/proxy \
                    --http-scgi-temp-path=/var/lib/nginx/scgi \
                    --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
                    --with-pcre-jit \
                    --with-http_flv_module \
                    --with-http_mp4_module \
                    --with-file-aio \
            --with-http_v2_module \
            --with-stream \
            --with-stream_ssl_module \
                    --with-http_auth_request_module \
            --with-http_slice_module \
            --with-threads \
                    --with-http_gunzip_module \
            --with-http_random_index_module \
            --with-http_secure_link_module \
                    --with-http_geoip_module \
                    --with-http_ssl_module \
                    --with-openssl=/usr/local/src/openssl-1.0.2p \
                    --with-http_addition_module \
                    --with-http_geoip_module \
                    --with-http_gzip_static_module \
                    --with-http_realip_module \
                    --with-ipv6 \
                    --without-mail_pop3_module \
                    --without-mail_imap_module \
                    --without-mail_smtp_module \
                    --add-module=contrib/Nginx-limit-traffic-rate-module \
                    --add-module=contrib/headers-more-nginx-module \
                    --add-module=contrib/echo-nginx-module \
                    --add-module=contrib/ngx_http_auth_pam_module \
                    --add-module=contrib/ngx_cache_purge \
                    --add-module=contrib/ngx_devel_kit \
                    --add-module=contrib/lua-nginx-module \
                    --add-module=contrib/naxsi/naxsi_src
make -j8

# 4.Install section  这一节主要用于完成实际安装软件必须执行的命令，可包含4种类型脚本
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install
install -m 0755 -d $RPM_BUILD_ROOT/etc/nginx/sites-enabled
install -m 0755 -d $RPM_BUILD_ROOT/etc/nginx/sites-available
install -m 0755 -d $RPM_BUILD_ROOT/var/log/nginx
install -m 0755 -d $RPM_BUILD_ROOT/var/lib/nginx
install -D -m 644 conf/sites-available/000_stub_status $RPM_BUILD_ROOT/etc/nginx/sites-available/000_stub_status
install -D -m 644 conf/django_fastcgi_params $RPM_BUILD_ROOT/etc/nginx/django_fastcgi_params
install -D -m 644 conf/naxsi_core.rules $RPM_BUILD_ROOT/etc/nginx/naxsi_core.rules
install -D -m 644 conf/sites-available/000_stub_status $RPM_BUILD_ROOT/etc/nginx/sites-enabled/000_stub_status
install -D -m 644 logrotate.d/nginx $RPM_BUILD_ROOT/etc/logrotate.d/nginx
install -D -m 644 nginx.service $RPM_BUILD_ROOT/usr/lib/systemd/system/nginx.service

# 5.clean section 清理段，clean的主要作用就是删除BUILD
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%post
useradd -s /sbin/nologin -d /var/www www-data
chown -R www-data.www-data /var/log/nginx /var/lib/nginx
systemctl enable nginx
echo %{name}-%{version} is successfully installed.
systemctl start nginx
# 6.file section 文件列表段，这个阶段是把前面已经编译好的内容要打包了
%files
%defattr(-,root,root)
%dir /etc/nginx
/etc/nginx/*
%dir /usr/src/debug/nginx-garena-1.14.1
/usr/src/debug/nginx-garena-1.14.1/*
/usr/sbin/nginx
%dir /usr/share/nginx
/usr/share/nginx/*
/etc/logrotate.d/nginx
/usr/lib/systemd/system/nginx.service
/usr/lib/debug/*
/usr/lib/debug/.build-id/*
%dir /var/log/nginx
%dir /var/lib/nginx
%config(noreplace) /etc/nginx/nginx.conf

nginx-template

nginx-template
    ├── conf
    │   ├── django_fastcgi_params
    │   ├── naxsi_core.rules
    │   └── sites-available
    │       └── 000_stub_status
    ├── logrotate.d
    │   └── nginx
    ├── nginx.conf
    └── nginx.service

# nginx-rpmbuild-centos7/nginx-template/conf/django_fastcgi_params
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  PATH_INFO          $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_param  HTTP_X_FORWARDED_PROTOCOL        $scheme;

fastcgi_pass_header Authorization;
fastcgi_intercept_errors off;
fastcgi_keep_conn on;

# nginx-rpmbuild-centos7/nginx-template/conf/naxsi_core.rules
##################################
## INTERNAL RULES IDS:1-999     ##
##################################
#@MainRule "msg:weird request, unable to parse" id:1;
#@MainRule "msg:request too big, stored on disk and not parsed" id:2;
#@MainRule "msg:invalid hex encoding, null bytes" id:10;
#@MainRule "msg:unknown content-type" id:11;
#@MainRule "msg:invalid formatted url" id:12;
#@MainRule "msg:invalid POST format" id:13;
#@MainRule "msg:invalid POST boundary" id:14;
#@MainRule "msg:invalid JSON" id:15;
#@MainRule "msg:empty POST" id:16;
#@MainRule "msg:libinjection_sql" id:17;
#@MainRule "msg:libinjection_xss" id:18;

##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)"  "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:semicolon" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal sign in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:open parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:close parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:comma" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
MainRule "str:@@" "msg:double arobase (@@)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1017;

###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
MainRule "str:gopher://" "msg:gopher:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1110;

#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;

########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:open square backet ([), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:close square bracket (]), possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:tilde (~) character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`"  "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[2|3]."  "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;

####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;

#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;

# nginx-rpmbuild-centos7/nginx-template/logrotate.d/nginx
/var/log/nginx/*.log /var/log/nginx/*/*.log{
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
        [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
    endscript
}

# nginx-rpmbuild-centos7/nginx-template/nginx.conf
user www-data;
worker_processes auto;

#worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 655650;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
        worker_connections  10240;
}


http {
#       include       /etc/nginx/naxsi_core.rules;
        include       mime.types;
        default_type  application/octet-stream;
    log_format garena '$remote_addr - $remote_user [$time_iso8601] "$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent" $request_time $upstream_response_time "$http_x_forwarded_for" "$geoip_country_code" "$host"';
        log_format garena_post '$remote_addr - $remote_user [$time_iso8601] "$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent" $request_time $upstream_response_time "$http_x_forwarded_for" "$geoip_country_code" "$host" "$request_body"';
    log_format compact '$time_iso8601|$remote_addr|$geoip_country_code|$http_x_forwarded_for|$status|$request_time|$upstream_response_time|$request_length|$body_bytes_sent|$host|$request|$http_referer|$http_user_agent';
    log_format compact_post '$time_iso8601|$remote_addr|$geoip_country_code|$http_x_forwarded_for|$status|$request_time|$upstream_response_time|$request_length|$body_bytes_sent|$host|$request|$http_referer|$http_user_agent|$request_body';


#       access_log  logs/access.log  main;

        sendfile        on;
#       tcp_nopush     on;

        keepalive_timeout  30;
        fastcgi_keep_conn on;
        tcp_nodelay        on;

        gzip  on;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
        gzip_proxied any;
        gzip_buffers 16 8k;
        gzip_types    text/plain application/javascript application/x-javascript text/javascript text/xml text/css application/json;
        gzip_vary on;
        include /etc/nginx/sites-enabled/*;

    set_real_ip_from 10.0.0.0/8;
    real_ip_header    X-Forwarded-For;
#   real_ip_recursive on;
#   geoip_country /usr/share/GeoIP/GeoIP.dat;

        server_tokens off;         # returns "Server: nginx"
    more_clear_headers Server; # doesn't return "Server: " header at all
}

# nginx-rpmbuild-centos7/nginx-template/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
KillSignal=SIGQUIT
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Initialize rpmbuild env

# check current os version and kernel
cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
uname -r
3.10.0-862.el7.x86_64

# install lua
sh luajit.sh

# yum install dependencies
yum install -y gcc pam-devel git rpm-build pcre-devel openssl openssl-devel geoip-devel

# mkdir
mkdir -p /root/rpmbuild/SOURCES/
mkdir -p /root/rpmbuild/SPECS/
mkdir -p /root/rpmbuild/RPMS/noarch

# download openssl
cd /usr/local/src
wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2p.tar.gz
tar xf OpenSSL_1_0_2p.tar.gz
mv openssl-OpenSSL_1_0_2p/ openssl-1.0.2p

# confirm these files are correct
[root@localhost ~]# tree nginx-rpmbuild-centos7/
nginx-rpmbuild-centos7/
├── build.sh
├── conf_buid
│   ├── conf
│   │   ├── django_fastcgi_params
│   │   ├── fastcgi.conf
│   │   ├── fastcgi_params
│   │   ├── koi-utf
│   │   ├── koi-win
│   │   ├── mime.types
│   │   ├── naxsi_core.rules
│   │   ├── nginx.conf
│   │   ├── scgi_params
│   │   ├── sites-available
│   │   │   └── 000_stub_status
│   │   ├── uwsgi_params
│   │   └── win-utf
│   ├── logrotate.d
│   │   └── nginx
│   ├── nginx.conf
│   └── nginx.service
├── luajit.sh
├── nginx-spec
└── nginx-template
    ├── conf
    │   ├── django_fastcgi_params
    │   ├── naxsi_core.rules
    │   └── sites-available
    │       └── 000_stub_status
    ├── logrotate.d
    │   └── nginx
    ├── nginx.conf
    └── nginx.service

8 directories, 24 files

How to build Nginx RPM

# check nginx stable version from official website
http://nginx.org/en/download.html

# check configuration
vim build.sh

NGX_VER=1.14.1
WKDIR="/root/rpmbuild/SOURCES"

# check nginx version
vim nginx-spec

replace 1.14.1 to 1.14.2

# run build.sh
./build.sh

# RPM package
Processing files: nginx-garena-1.14.2-0.noarch
warning: File listed twice: /etc/nginx/nginx.conf
Provides: config(nginx-garena) = 1.14.2-0 nginx-garena = 1.14.2-0
Requires(interp): /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): /bin/sh
Requires: libGeoIP.so.1()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.10)(64bit) libc.so.6(GLIBC_2.11)(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.17)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.2)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(GLIBC_2.2.5)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libgcc_s.so.1()(64bit) libgcc_s.so.1(GCC_3.0)(64bit) libgcc_s.so.1(GCC_3.3)(64bit) libm.so.6()(64bit) libm.so.6(GLIBC_2.2.5)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpcre.so.1()(64bit) libpthread.so.0()(64bit) libpthread.so.0(GLIBC_2.2.5)(64bit) libpthread.so.0(GLIBC_2.3.2)(64bit) libz.so.1()(64bit) rtld(GNU_HASH)
warning: Arch dependent binaries in noarch package
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/nginx-garena-1.14.2-0.x86_64
Wrote: /root/rpmbuild/SRPMS/nginx-garena-1.14.2-0.src.rpm
Wrote: /root/rpmbuild/RPMS/noarch/nginx-garena-1.14.2-0.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.iR5dLd
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd nginx-garena-1.14.2
+ '[' /root/rpmbuild/BUILDROOT/nginx-garena-1.14.2-0.x86_64 '!=' / ']'
+ rm -rf /root/rpmbuild/BUILDROOT/nginx-garena-1.14.2-0.x86_64
+ exit 0

RHEL/CentOS安装EPEL/Remi扩展仓库配置小结
前言最近因为需要编译libip2location，原本计划像之前一样使用rpmbuild制作Nginx的RPM包...
使用rpmbuild制作Nginx的RPM包
前言题图为RPM包制作原理图，有时候为了方便源码包的安装，和我们自己订制软件包的需求，我们会把一些源码包按照我们...
rpmbuild制作rpm 包
安装rpmbuild 创建 rpm build 目录结构（可选）在用户根目录生成rpmbuild 相关目录结构（...
rpm包制作
Linux 下RPM打包制作流程开始前的准备安装rpmbuild软件包 yum -y install rpm-...
prometheus监控节点node_exporter rpm包
rpm 制作制作rpm安装包 1.查看rpmbuild目录 2.创建工作目录 3.整理源码 4.编写spec文件...
Nginx-http服务的常用配置
Nginx-http服务的常用配置安装nginx 官方已经提供了安装的rpm包，可以直接拿来配置使用，rpm包有...
使用 rpmbuild 制作 rmp 包
一、安装软件二、RPM包制作建立工作目录二、把源码文件放置到 SOURCES 目录下 nginx.conf ...
Spec文件参数简述
Spec文件用于告诉rpmbuild如何构建RPM或者SRPM包RPM，SRPM区别参见鸟哥的Linux私房菜。S...
制作RPM包
前言拥有源码，把源码制作RPM包进行安装和使用。制作RPM包步骤准备普通用户(rpmbuilduser)创建...
2. Nginx的目录与配置语法之安装目录
查看安装目录 yum安装的nginx其实也是一个rpm包,所以可以使用rpm命令去查看nginx的安装目录命令:...