234 lines
8.6 KiB
Bash
Executable File
234 lines
8.6 KiB
Bash
Executable File
#!/bin/bash
|
||
|
||
function git_secure_clone() {
|
||
repo="$1"
|
||
commit="$2"
|
||
folder="$(echo "$repo" | sed -E "s@https://github.com/.*/(.*)\.git@\1@")"
|
||
if [ ! -d "deps/src/${folder}" ] ; then
|
||
output="$(git clone "$repo" "deps/src/${folder}" 2>&1)"
|
||
if [ $? -ne 0 ] ; then
|
||
echo "❌ Error cloning $1"
|
||
echo "$output"
|
||
exit 1
|
||
fi
|
||
old_dir="$(pwd)"
|
||
cd "deps/src/${folder}"
|
||
output="$(git checkout "${commit}^{commit}" 2>&1)"
|
||
if [ $? -ne 0 ] ; then
|
||
echo "❌ Commit hash $commit is absent from repository $repo"
|
||
echo "$output"
|
||
exit 1
|
||
fi
|
||
cd "$old_dir"
|
||
output="$(rm -rf "deps/src/${folder}/.git")"
|
||
if [ $? -ne 0 ] ; then
|
||
echo "❌ Can't delete .git from repository $repo"
|
||
echo "$output"
|
||
exit 1
|
||
fi
|
||
else
|
||
echo "⚠️ Skipping clone of $repo because target directory is already present"
|
||
fi
|
||
}
|
||
|
||
function secure_download() {
|
||
link="$1"
|
||
file="$2"
|
||
hash="$3"
|
||
dir="$(echo $file | sed 's/.tar.gz//g')"
|
||
if [ ! -d "deps/src/${dir}" ] ; then
|
||
output="$(wget -q -O "deps/src/${file}" "$link" 2>&1)"
|
||
if [ $? -ne 0 ] ; then
|
||
echo "❌ Error downloading $link"
|
||
echo "$output"
|
||
exit 1
|
||
fi
|
||
check="$(sha512sum "deps/src/${file}" | cut -d ' ' -f 1)"
|
||
if [ "$check" != "$hash" ] ; then
|
||
echo "❌️ Wrong hash from file $link (expected $hash got $check)"
|
||
exit 1
|
||
fi
|
||
else
|
||
echo "⚠️ Skipping download of $link because target directory is already present"
|
||
fi
|
||
}
|
||
|
||
function do_and_check_cmd() {
|
||
if [ "$CHANGE_DIR" != "" ] ; then
|
||
cd "$CHANGE_DIR"
|
||
fi
|
||
output=$("$@" 2>&1)
|
||
ret="$?"
|
||
if [ $ret -ne 0 ] ; then
|
||
echo "❌ Error from command : $*"
|
||
echo "$output"
|
||
exit $ret
|
||
fi
|
||
#echo $output
|
||
return 0
|
||
}
|
||
|
||
# nginx 1.20.2
|
||
echo "ℹ️ Download nginx"
|
||
NGINX_VERSION="1.20.2"
|
||
secure_download "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" "nginx-${NGINX_VERSION}.tar.gz" "8b65e881ea4ac6162cbf32e5e95cf47a6d5418819f8763ca4a781cffa38187dd7886d4bc195d000a7046111a27121ff25800f8645405174995247e6738b4279a"
|
||
if [ -f "deps/src/nginx-${NGINX_VERSION}.tar.gz" ] ; then
|
||
do_and_check_cmd tar -xvzf deps/src/nginx-${NGINX_VERSION}.tar.gz -C deps/src
|
||
do_and_check_cmd rm -f deps/src/nginx-${NGINX_VERSION}.tar.gz
|
||
fi
|
||
|
||
# Lua 5.1.5
|
||
echo "ℹ️ Download Lua"
|
||
LUA_VERSION="5.1.5"
|
||
secure_download "https://www.lua.org/ftp/lua-${LUA_VERSION}.tar.gz" "lua-${LUA_VERSION}.tar.gz" "0142fefcbd13afcd9b201403592aa60620011cc8e8559d4d2db2f92739d18186860989f48caa45830ff4f99bfc7483287fd3ff3a16d4dec928e2767ce4d542a9"
|
||
if [ -f "deps/src/lua-${LUA_VERSION}.tar.gz" ] ; then
|
||
do_and_check_cmd tar -xvzf deps/src/lua-${LUA_VERSION}.tar.gz -C deps/src
|
||
do_and_check_cmd rm -f deps/src/lua-${LUA_VERSION}.tar.gz
|
||
do_and_check_cmd patch deps/src/lua-5.1.5/Makefile deps/misc/lua.patch1
|
||
do_and_check_cmd patch deps/src/lua-5.1.5/src/Makefile deps/misc/lua.patch2
|
||
fi
|
||
|
||
# LuaJIT 2.1-20220111
|
||
echo "ℹ️ Download LuaJIT"
|
||
git_secure_clone "https://github.com/openresty/luajit2.git" "f1491357fa1dbfa3480ba67513fee19a9c65ca6f"
|
||
|
||
# lua-nginx-module v0.10.20
|
||
echo "ℹ️ Download lua-nginx-module"
|
||
git_secure_clone "https://github.com/openresty/lua-nginx-module.git" "9007d673e28938f5dfa7720438991e22b794d225"
|
||
|
||
# lua-resty-core v0.1.22
|
||
echo "ℹ️ Download lua-resty-core"
|
||
git_secure_clone "https://github.com/openresty/lua-resty-core.git" "12f26310a35e45c37157420f7e1f395a0e36e457"
|
||
|
||
# lua-resty-lrucache v0.11
|
||
echo "ℹ️ Download lua-resty-lrucache"
|
||
git_secure_clone "https://github.com/openresty/lua-resty-lrucache.git" "f20bb8ac9489ba87d90d78f929552c2eab153caa"
|
||
|
||
# lua-resty-dns v0.22
|
||
echo "ℹ️ Download lua-resty-dns"
|
||
git_secure_clone "https://github.com/openresty/lua-resty-dns.git" "869d2fbb009b6ada93a5a10cb93acd1cc12bd53f"
|
||
|
||
# lua-resty-session v3.10
|
||
echo "ℹ️ Download lua-resty-session"
|
||
git_secure_clone "https://github.com/bungle/lua-resty-session.git" "e6bf2630c90df7b3db35e859f0aa7e096af3e918"
|
||
|
||
# lua-resty-random v?
|
||
echo "ℹ️ Download lua-resty-random"
|
||
git_secure_clone "https://github.com/bungle/lua-resty-random.git" "17b604f7f7dd217557ca548fc1a9a0d373386480"
|
||
|
||
# lua-resty-string v0.15
|
||
echo "ℹ️ Download lua-resty-string"
|
||
git_secure_clone "https://github.com/openresty/lua-resty-string.git" "b192878f6ed31b0af237935bbc5a8110a3c2256c"
|
||
|
||
# lua-cjson v2.1.0.8
|
||
echo "ℹ️ Download lua-cjson"
|
||
git_secure_clone "https://github.com/openresty/lua-cjson.git" "0df488874f52a881d14b5876babaa780bb6200ee"
|
||
|
||
# lua-gd v?
|
||
echo "ℹ️ Download lua-gd"
|
||
git_secure_clone "https://github.com/ittner/lua-gd.git" "2ce8e478a8591afd71e607506bc8c64b161bbd30"
|
||
|
||
# lua-resty-http v1.16.1
|
||
echo "ℹ️ Download lua-resty-http"
|
||
git_secure_clone "https://github.com/ledgetech/lua-resty-http.git" "9bf951dfe162dd9710a0e1f4525738d4902e9d20"
|
||
|
||
# lualogging v1.6.0
|
||
echo "ℹ️ Download lualogging"
|
||
git_secure_clone "https://github.com/lunarmodules/lualogging.git" "0bc4415de03ff1a99c92c02a5bed14a45b078079"
|
||
|
||
# luasocket v?
|
||
echo "ℹ️ Download luasocket"
|
||
git_secure_clone "https://github.com/diegonehab/luasocket.git" "5b18e475f38fcf28429b1cc4b17baee3b9793a62"
|
||
|
||
# luasec v1.0.2
|
||
echo "ℹ️ Download luasec"
|
||
git_secure_clone "https://github.com/brunoos/luasec.git" "ef14b27a2c8e541cac071165048250e85a7216df"
|
||
|
||
# lua-resty-ipmatcher v0.6.1 (1 commit after just in case)
|
||
echo "ℹ️ Download lua-resty-ipmatcher"
|
||
dopatch="no"
|
||
if [ ! -d "deps/src/lua-resty-ipmatcher" ] ; then
|
||
dopatch="yes"
|
||
fi
|
||
git_secure_clone "https://github.com/api7/lua-resty-ipmatcher.git" "3948a92d2e168db14fa5ecd4bb10a7c0fe7ead70"
|
||
if [ "$dopatch" = "yes" ] ; then
|
||
do_and_check_cmd patch deps/src/lua-resty-ipmatcher/resty/ipmatcher.lua deps/misc/ipmatcher.patch
|
||
fi
|
||
|
||
# lua-resty-redis v0.29
|
||
echo "ℹ️ Download lua-resty-redis"
|
||
git_secure_clone "https://github.com/openresty/lua-resty-redis.git" "053f989c7f43d8edc79d5151e73b79249c6b5d94"
|
||
|
||
# lua-resty-upload v0.10
|
||
echo "ℹ️ Download lua-resty-upload"
|
||
git_secure_clone "https://github.com/openresty/lua-resty-upload.git" "cae01f590456561bc8d95da3d2d9f937bef57bec"
|
||
|
||
# luajit-geoip v2.1.0
|
||
echo "ℹ️ Download luajit-geoip"
|
||
dopatch="no"
|
||
if [ ! -d "deps/src/luajit-geoip" ] ; then
|
||
dopatch="yes"
|
||
fi
|
||
git_secure_clone "https://github.com/leafo/luajit-geoip.git" "12a9388207f40c37ad5cf6de2f8e0cc72bf13477"
|
||
if [ "$dopatch" = "yes" ] ; then
|
||
do_and_check_cmd patch deps/src/luajit-geoip/geoip/mmdb.lua deps/misc/mmdb.patch
|
||
fi
|
||
|
||
# lbase64 v1.5.3
|
||
echo "ℹ️ Download lbase64"
|
||
git_secure_clone "https://github.com/iskolbin/lbase64.git" "c261320edbdf82c16409d893a96c28c704aa0ab8"
|
||
|
||
# ModSecurity v3.0.4 (looks like v3.0.5 has a memleak on reload)
|
||
# TODO : test v3.0.6
|
||
echo "ℹ️ Download ModSecurity"
|
||
if [ ! -d "deps/src/ModSecurity" ] ; then
|
||
dopatch="yes"
|
||
fi
|
||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity.git" "753145fbd1d6751a6b14fdd700921eb3cc3a1d35"
|
||
if [ "$dopatch" = "yes" ] ; then
|
||
do_and_check_cmd patch deps/src/ModSecurity/configure.ac deps/misc/modsecurity.patch
|
||
fi
|
||
# libinjection v?
|
||
echo "ℹ️ Download libinjection"
|
||
git_secure_clone "https://github.com/libinjection/libinjection.git" "49904c42a6e68dc8f16c022c693e897e4010a06c"
|
||
do_and_check_cmd cp -r deps/src/libinjection deps/src/ModSecurity/others
|
||
|
||
# ModSecurity-nginx v1.0.2
|
||
echo "ℹ️ Download ModSecurity-nginx"
|
||
dopatch="no"
|
||
if [ ! -d "deps/src/ModSecurity-nginx" ] ; then
|
||
dopatch="yes"
|
||
fi
|
||
git_secure_clone "https://github.com/SpiderLabs/ModSecurity-nginx.git" "2497e6ac654d0b117b9534aa735b757c6b11c84f"
|
||
if [ "$dopatch" = "yes" ] ; then
|
||
do_and_check_cmd patch deps/src/ModSecurity-nginx/src/ngx_http_modsecurity_log.c deps/misc/modsecurity-nginx.patch
|
||
fi
|
||
|
||
# libmaxminddb v1.6.0
|
||
echo "ℹ️ Download libmaxminddb"
|
||
git_secure_clone "https://github.com/maxmind/libmaxminddb.git" "2d0e6b7360b88f645e67ffc5a709b2327d361ac3"
|
||
|
||
# headers-more-nginx-module v?
|
||
echo "ℹ️ Download headers-more-nginx-module"
|
||
git_secure_clone "https://github.com/openresty/headers-more-nginx-module.git" "a4a0686605161a6777d7d612d5aef79b9e7c13e0"
|
||
|
||
# ngx_http_geoip2_module v3.3
|
||
#echo "ℹ️ Download ngx_http_geoip2_module"
|
||
#dosed="no"
|
||
#if [ ! -d "deps/src/ngx_http_geoip2_module" ] ; then
|
||
# dosed="yes"
|
||
#fi
|
||
#git_secure_clone "https://github.com/leev/ngx_http_geoip2_module.git" "5a83b6f958c67ea88d2899d0b3c2a5db8e36b211"
|
||
#if [ "$dosed" = "yes" ] ; then
|
||
# do_and_check_cmd sed -i '1s:^:ngx_feature_path=/opt/bunkerweb/deps/include\n:' deps/src/ngx_http_geoip2_module/config
|
||
# do_and_check_cmd sed -i 's:^ngx_feature_libs=.*$:ngx_feature_libs="-Wl,-rpath,/opt/bunkerweb/deps/lib -L/opt/bunkerweb/deps/lib -lmaxminddb":' deps/src/ngx_http_geoip2_module/config
|
||
#fi
|
||
|
||
# nginx_cookie_flag_module v1.1.0
|
||
echo "ℹ️ Download nginx_cookie_flag_module"
|
||
git_secure_clone "https://github.com/AirisX/nginx_cookie_flag_module.git" "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
|
||
|
||
# ngx_brotli v?
|
||
echo "ℹ️ Download ngx_brotli"
|
||
git_secure_clone "https://github.com/google/ngx_brotli.git" "9aec15e2aa6feea2113119ba06460af70ab3ea62"
|