import UBI nginx-1.26.3-1.el10

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/nginx-1.16.1.tar.gz
-SOURCES/poweredby.png
+nginx-1.26.3.tar.gz
+nginx-logo.png

.nginx.metadata

@@ -1,2 +0,0 @@
-77ce4d26481b62f7a9d83e399454df0912f01a4b SOURCES/nginx-1.16.1.tar.gz
-2ec82988cd0d9b1304c95a16b28eff70f0f69abc SOURCES/poweredby.png

0001-remove-Werror-in-upstream-build-scripts.patch

@@ -0,0 +1,31 @@
+From d4b67917818eb4c2bda9ccc5a2677926cfa0cc81 Mon Sep 17 00:00:00 2001
+From: Felix Kaechele <felix@kaechele.ca>
+Date: Sun, 7 Jun 2020 12:14:02 -0400
+Subject: [PATCH 1/3] remove Werror in upstream build scripts
+
+removes -Werror in upstream build scripts.  -Werror conflicts with
+-D_FORTIFY_SOURCE=2 causing warnings to turn into errors.
+
+Signed-off-by: Felix Kaechele <felix@kaechele.ca>
+---
+ auto/cc/gcc | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/auto/cc/gcc b/auto/cc/gcc
+index a5c5c18fba3f..cdbbadb54023 100644
+--- a/auto/cc/gcc
++++ b/auto/cc/gcc
+@@ -166,7 +166,9 @@ esac
+ 
+ 
+ # stop on warning
+-CFLAGS="$CFLAGS -Werror"
++# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
++# to not compile.
++#CFLAGS="$CFLAGS -Werror"
+ 
+ # debug
+ CFLAGS="$CFLAGS -g"
+-- 
+2.44.0
+

0002-fix-PIDFile-handling.patch

@@ -0,0 +1,108 @@
+From 29c20440c27d6b13a4f933279da59fd8b442f5d7 Mon Sep 17 00:00:00 2001
+From: Felix Kaechele <felix@kaechele.ca>
+Date: Tue, 20 Apr 2021 21:28:18 -0400
+Subject: [PATCH 2/3] fix PIDFile handling
+
+Corresponding RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1869026
+
+Rejected upstream: https://trac.nginx.org/nginx/ticket/1897
+
+Taken from: https://git.launchpad.net/ubuntu/+source/nginx/tree/debian/patches/nginx-fix-pidfile.patch
+
+From original patch:
+Author: Tj <ubuntu@iam.tj>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1581864
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876365
+Last-Update: 2020-06-24
+
+Signed-off-by: Felix Kaechele <felix@kaechele.ca>
+---
+ src/core/nginx.c         | 24 +++++++++++++++++++++---
+ src/os/unix/ngx_daemon.c |  8 ++++++--
+ 2 files changed, 27 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/nginx.c b/src/core/nginx.c
+index 0deb27b7f98a..23edb59ff105 100644
+--- a/src/core/nginx.c
++++ b/src/core/nginx.c
+@@ -340,14 +340,21 @@ main(int argc, char *const *argv)
+         ngx_process = NGX_PROCESS_MASTER;
+     }
+ 
++    /* tell-tale to detect if this is parent or child process */
++    ngx_int_t child_pid = NGX_BUSY;
++
+ #if !(NGX_WIN32)
+ 
+     if (ngx_init_signals(cycle->log) != NGX_OK) {
+         return 1;
+     }
+ 
++    /* tell-tale that this code has been executed */
++    child_pid--;
++
+     if (!ngx_inherited && ccf->daemon) {
+-        if (ngx_daemon(cycle->log) != NGX_OK) {
++        child_pid = ngx_daemon(cycle->log);
++        if (child_pid == NGX_ERROR) {
+             return 1;
+         }
+ 
+@@ -360,8 +367,19 @@ main(int argc, char *const *argv)
+ 
+ #endif
+ 
+-    if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
+-        return 1;
++    /* If ngx_daemon() returned the child's PID in the parent process
++     * after the fork() set ngx_pid to the child_pid, which gets
++     * written to the PID file, then exit.
++     * For NGX_WIN32 always write the PID file
++     * For others, only write it from the parent process */
++    if (child_pid < NGX_OK || child_pid > NGX_OK) {
++	ngx_pid = child_pid > NGX_OK ? child_pid : ngx_pid;
++        if (ngx_create_pidfile(&ccf->pid, cycle->log) != NGX_OK) {
++            return 1;
++	}
++    }
++    if (child_pid > NGX_OK) {
++        exit(0);
+     }
+ 
+     if (ngx_log_redirect_stderr(cycle) != NGX_OK) {
+diff --git a/src/os/unix/ngx_daemon.c b/src/os/unix/ngx_daemon.c
+index 385c49b6c3d1..3719854c52b0 100644
+--- a/src/os/unix/ngx_daemon.c
++++ b/src/os/unix/ngx_daemon.c
+@@ -7,14 +7,17 @@
+ 
+ #include <ngx_config.h>
+ #include <ngx_core.h>
++#include <unistd.h>
+ 
+ 
+ ngx_int_t
+ ngx_daemon(ngx_log_t *log)
+ {
+     int  fd;
++    /* retain the return value for passing back to caller */
++    pid_t pid_child = fork();
+ 
+-    switch (fork()) {
++    switch (pid_child) {
+     case -1:
+         ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "fork() failed");
+         return NGX_ERROR;
+@@ -23,7 +26,8 @@ ngx_daemon(ngx_log_t *log)
+         break;
+ 
+     default:
+-        exit(0);
++        /* let caller do the exit() */
++        return pid_child;
+     }
+ 
+     ngx_parent = ngx_pid;
+-- 
+2.44.0
+

0003-Add-SSL-passphrase-dialog.patch

@@ -0,0 +1,749 @@
+From 679397c62265a5ee93953d0913dc834b163a5aec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
+Date: Wed, 22 May 2024 22:23:08 +0200
+Subject: [PATCH 3/3] Add SSL passphrase dialog
+
+---
+ contrib/vim/syntax/nginx.vim             |   1 +
+ src/event/ngx_event_openssl.c            | 126 +++++++++++++++++++++--
+ src/event/ngx_event_openssl.h            |  14 ++-
+ src/http/modules/ngx_http_grpc_module.c  |   2 +-
+ src/http/modules/ngx_http_proxy_module.c |   2 +-
+ src/http/modules/ngx_http_ssl_module.c   |  70 ++++++++++++-
+ src/http/modules/ngx_http_ssl_module.h   |   2 +
+ src/http/modules/ngx_http_uwsgi_module.c |   2 +-
+ src/mail/ngx_mail_ssl_module.c           |  66 +++++++++++-
+ src/mail/ngx_mail_ssl_module.h           |   2 +
+ src/stream/ngx_stream_proxy_module.c     |   2 +-
+ src/stream/ngx_stream_ssl_module.c       |  61 ++++++++++-
+ src/stream/ngx_stream_ssl_module.h       |   2 +
+ 13 files changed, 335 insertions(+), 17 deletions(-)
+
+diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim
+index 29eef7a..e7227eb 100644
+--- a/contrib/vim/syntax/nginx.vim
++++ b/contrib/vim/syntax/nginx.vim
+@@ -593,6 +593,7 @@ syn keyword ngxDirective contained ssl_ocsp
+ syn keyword ngxDirective contained ssl_ocsp_cache
+ syn keyword ngxDirective contained ssl_ocsp_responder
+ syn keyword ngxDirective contained ssl_password_file
++syn keyword ngxDirective contained ssl_pass_phrase_dialog
+ syn keyword ngxDirective contained ssl_prefer_server_ciphers
+ syn keyword ngxDirective contained ssl_preread
+ syn keyword ngxDirective contained ssl_protocols
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 89f277f..6f7f2a2 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -11,6 +11,7 @@
+ 
+ 
+ #define NGX_SSL_PASSWORD_BUFFER_SIZE  4096
++#define NGX_PASS_PHRASE_ARG_MAX_LEN   255
+ 
+ 
+ typedef struct {
+@@ -21,7 +22,7 @@ typedef struct {
+ static X509 *ngx_ssl_load_certificate(ngx_pool_t *pool, char **err,
+     ngx_str_t *cert, STACK_OF(X509) **chain);
+ static EVP_PKEY *ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+-    ngx_str_t *key, ngx_array_t *passwords);
++    ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg);
+ static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
+     void *userdata);
+ static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
+@@ -85,6 +86,12 @@ static time_t ngx_ssl_parse_time(
+ #endif
+     ASN1_TIME *asn1time, ngx_log_t *log);
+ 
++static int ngx_ssl_read_pstream(const char *cmd, char *buf,
++    ngx_int_t bufsize);
++
++static int ngx_ssl_pass_phrase_callback(char *buf, int bufsize,
++    int rwflag, void *u);
++
+ static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
+ static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+ static void ngx_openssl_exit(ngx_cycle_t *cycle);
+@@ -432,7 +439,7 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
+ 
+ ngx_int_t
+ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
+-    ngx_array_t *keys, ngx_array_t *passwords)
++    ngx_array_t *keys, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg)
+ {
+     ngx_str_t   *cert, *key;
+     ngx_uint_t   i;
+@@ -442,7 +449,7 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
+ 
+     for (i = 0; i < certs->nelts; i++) {
+ 
+-        if (ngx_ssl_certificate(cf, ssl, &cert[i], &key[i], passwords)
++        if (ngx_ssl_certificate(cf, ssl, &cert[i], &key[i], passwords, dlg)
+             != NGX_OK)
+         {
+             return NGX_ERROR;
+@@ -455,12 +462,13 @@ ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs,
+ 
+ ngx_int_t
+ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
+-    ngx_str_t *key, ngx_array_t *passwords)
++    ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg)
+ {
+     char            *err;
+     X509            *x509;
+     EVP_PKEY        *pkey;
+     STACK_OF(X509)  *chain;
++    EVP_PKEY        *pubkey;
+ 
+     x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain);
+     if (x509 == NULL) {
+@@ -550,8 +558,23 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
+     }
+ #endif
+ 
+-    pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords);
+-    if (pkey == NULL) {
++    pubkey = X509_get_pubkey(x509);
++    if (!pubkey) {
++        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
++                          "X509_get_pubkey() failed");
++        return NGX_ERROR;
++    }
++
++    if (dlg) {
++         dlg->cryptosystem = EVP_PKEY_get_base_id(pubkey);
++    }
++
++    EVP_PKEY_free(pubkey);
++
++    pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords, dlg);
++    if (ngx_test_config) {
++        return NGX_OK;
++    } else if (pkey == NULL) {
+         if (err != NULL) {
+             ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+                           "cannot load certificate key \"%s\": %s",
+@@ -621,7 +644,7 @@ ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ 
+ #endif
+ 
+-    pkey = ngx_ssl_load_certificate_key(pool, &err, key, passwords);
++    pkey = ngx_ssl_load_certificate_key(pool, &err, key, passwords, NULL);
+     if (pkey == NULL) {
+         if (err != NULL) {
+             ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
+@@ -734,10 +757,82 @@ ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
+     return x509;
+ }
+ 
++static int
++ngx_ssl_read_pstream(const char *cmd, char *buf, ngx_int_t bufsize)
++{
++    FILE       *fp;
++    ngx_int_t i;
++    char c;
++
++    fp = popen(cmd, "r");
++    if (fp == NULL) {
++        return -1;
++    }
++
++    for (i = 0; (c = fgetc(fp)) != EOF &&
++            (i < bufsize - 1); i++) {
++
++        if (c == '\n' || c == '\r'){
++            break;
++        }
++
++        buf[i] = c;
++    }
++    buf[i] = '\0';
++
++    pclose(fp);
++
++    return 0;
++}
++
++static int
++ngx_ssl_pass_phrase_callback(char *buf, int bufsize, int rwflag, void *u)
++{
++    u_char cmd[NGX_PASS_PHRASE_ARG_MAX_LEN + 1] = {0};
++    u_char *cmd_end;
++    ngx_ssl_ppdialog_conf_t *dlg              = (ngx_ssl_ppdialog_conf_t *)u;
++    ngx_str_t *pass_phrase_dialog             = dlg->data;
++    char cryptosystem[4] = {0};
++    int ret;
++
++    /* remove exec: str from pass_phrase_dialog */
++    pass_phrase_dialog->data = pass_phrase_dialog->data + 5;
++    pass_phrase_dialog->len  = pass_phrase_dialog->len - 5;
++
++    switch (dlg->cryptosystem){
++        case EVP_PKEY_RSA:
++            strncpy(cryptosystem, "RSA", 4);
++            break;
++        case EVP_PKEY_DSA:
++            strncpy(cryptosystem, "DSA", 4);
++            break;
++        case EVP_PKEY_EC:
++            strncpy(cryptosystem, "EC", 3);
++            break;
++        case EVP_PKEY_DH:
++            strncpy(cryptosystem, "DH", 3);
++            break;
++        default:
++            strncpy(cryptosystem, "UNK", 4);
++            break;
++    }
++
++    cmd_end = ngx_snprintf(cmd, NGX_PASS_PHRASE_ARG_MAX_LEN, "%V %V %s",
++                         pass_phrase_dialog, dlg->server, cryptosystem);
++    *cmd_end = '\0';
++
++    ngx_log_stderr(0, "Executing external script: %s\n", cmd);
++
++    if ((ret = ngx_ssl_read_pstream((char *)cmd, buf, bufsize)) != 0){
++        return -1;
++    }
++
++    return strlen(buf);
++}
+ 
+ static EVP_PKEY *
+ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+-    ngx_str_t *key, ngx_array_t *passwords)
++    ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg)
+ {
+     BIO              *bio;
+     EVP_PKEY         *pkey;
+@@ -825,6 +920,21 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+         tries = 1;
+         pwd = NULL;
+         cb = NULL;
++
++        /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
++        if (dlg && ngx_strncasecmp(dlg->data->data, (u_char *)"exec:", 5) == 0){
++           pwd = (void *)dlg;
++           cb = ngx_ssl_pass_phrase_callback;
++        } else {
++           pwd = NULL;
++           cb = NULL;
++        }
++    }
++
++    /* skip decrypting private keys in config test phase to avoid
++       asking for pass phase twice */
++    if (ngx_test_config){
++        return NULL;
+     }
+ 
+     for ( ;; ) {
+diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
+index ebb2c35..761f48d 100644
+--- a/src/event/ngx_event_openssl.h
++++ b/src/event/ngx_event_openssl.h
+@@ -82,9 +82,19 @@
+ #define ERR_peek_error_data(d, f)    ERR_peek_error_line_data(NULL, NULL, d, f)
+ #endif
+ 
++#define NGX_SSL_PASS_PHRASE_ARG_MAX_LEN  255
++#define NGX_SSL_PASS_PHRASE_DEFAULT_VAL "builtin"
++#define NGX_SSL_SERVER_NULL             "undefined"
+ 
+ typedef struct ngx_ssl_ocsp_s  ngx_ssl_ocsp_t;
+ 
++typedef struct ngx_ssl_ppdialog_conf_s ngx_ssl_ppdialog_conf_t;
++
++struct ngx_ssl_ppdialog_conf_s {
++    ngx_str_t                  *data;
++    ngx_str_t                  *server;
++    ngx_int_t                  cryptosystem;
++};
+ 
+ struct ngx_ssl_s {
+     SSL_CTX                    *ctx;
+@@ -192,9 +202,9 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log);
+ ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
+ 
+ ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl,
+-    ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords);
++    ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg);
+ ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
+-    ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
++    ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords, ngx_ssl_ppdialog_conf_t *dlg);
+ ngx_int_t ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+     ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
+ 
+diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
+index dfe49c5..904263d 100644
+--- a/src/http/modules/ngx_http_grpc_module.c
++++ b/src/http/modules/ngx_http_grpc_module.c
+@@ -4983,7 +4983,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
+             if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
+                                     &glcf->upstream.ssl_certificate->value,
+                                     &glcf->upstream.ssl_certificate_key->value,
+-                                    glcf->upstream.ssl_passwords)
++                                    glcf->upstream.ssl_passwords, NULL)
+                 != NGX_OK)
+             {
+                 return NGX_ERROR;
+diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
+index 9cc202c..2c938d7 100644
+--- a/src/http/modules/ngx_http_proxy_module.c
++++ b/src/http/modules/ngx_http_proxy_module.c
+@@ -5032,7 +5032,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
+             if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
+                                     &plcf->upstream.ssl_certificate->value,
+                                     &plcf->upstream.ssl_certificate_key->value,
+-                                    plcf->upstream.ssl_passwords)
++                                    plcf->upstream.ssl_passwords, NULL)
+                 != NGX_OK)
+             {
+                 return NGX_ERROR;
+diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
+index 1c92d9f..35132b9 100644
+--- a/src/http/modules/ngx_http_ssl_module.c
++++ b/src/http/modules/ngx_http_ssl_module.c
+@@ -21,6 +21,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
+ #define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
+ #define NGX_DEFAULT_ECDH_CURVE  "auto"
+ 
++static ngx_str_t ngx_ssl_server_null = ngx_string(NGX_SSL_SERVER_NULL);
++
+ #define NGX_HTTP_ALPN_PROTOS    "\x08http/1.1\x08http/1.0\x08http/0.9"
+ 
+ 
+@@ -59,6 +61,9 @@ static ngx_int_t ngx_http_ssl_quic_compat_init(ngx_conf_t *cf,
+     ngx_http_conf_addr_t *addr);
+ #endif
+ 
++static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd,
++    void *conf);
++
+ 
+ static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
+     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
+@@ -290,6 +295,13 @@ static ngx_command_t  ngx_http_ssl_commands[] = {
+       offsetof(ngx_http_ssl_srv_conf_t, reject_handshake),
+       NULL },
+ 
++    { ngx_string("ssl_pass_phrase_dialog"),
++      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
++      ngx_conf_set_pass_phrase_dialog,
++      NGX_HTTP_SRV_CONF_OFFSET,
++      offsetof(ngx_http_ssl_srv_conf_t, pass_phrase_dialog),
++      NULL },
++
+       ngx_null_command
+ };
+ 
+@@ -609,6 +621,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
+      *     sscf->ocsp_responder = { 0, NULL };
+      *     sscf->stapling_file = { 0, NULL };
+      *     sscf->stapling_responder = { 0, NULL };
++     *     sscf->pass_phrase_dialog = NULL;
+      */
+ 
+     sscf->prefer_server_ciphers = NGX_CONF_UNSET;
+@@ -639,6 +652,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+ {
+     ngx_http_ssl_srv_conf_t *prev = parent;
+     ngx_http_ssl_srv_conf_t *conf = child;
++    ngx_http_core_srv_conf_t  *cscf;
++    ngx_ssl_ppdialog_conf_t    dlg;
+ 
+     ngx_pool_cleanup_t  *cln;
+ 
+@@ -694,6 +709,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+     ngx_conf_merge_str_value(conf->stapling_responder,
+                          prev->stapling_responder, "");
+ 
++    ngx_conf_merge_str_value(conf->pass_phrase_dialog,
++                         prev->pass_phrase_dialog, NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
++
+     conf->ssl.log = cf->log;
+ 
+     if (conf->certificates) {
+@@ -726,6 +744,30 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+     cln->handler = ngx_ssl_cleanup_ctx;
+     cln->data = &conf->ssl;
+ 
++    /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
++    if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){
++       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data);
++    } else if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)NGX_SSL_PASS_PHRASE_DEFAULT_VAL,
++               sizeof(NGX_SSL_PASS_PHRASE_DEFAULT_VAL)) != 0){
++
++       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog config directive accepts only the following "
++            "values: %s | exec:filepath", NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
++
++       return NGX_CONF_ERROR;
++    }
++
++    cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module);
++
++    dlg.data = &conf->pass_phrase_dialog;
++    if (cscf->server_name.len != 0) {
++        dlg.server = &cscf->server_name;
++    } else {
++        dlg.server = &ngx_ssl_server_null;
++    }
++
++
+ #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ 
+     if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
+@@ -776,7 +818,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+         /* configure certificates */
+ 
+         if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
+-                                 conf->certificate_keys, conf->passwords)
++                                 conf->certificate_keys, conf->passwords, &dlg)
+             != NGX_OK)
+         {
+             return NGX_CONF_ERROR;
+@@ -1329,6 +1371,32 @@ ngx_http_ssl_init(ngx_conf_t *cf)
+     return NGX_OK;
+ }
+ 
++static char *
++ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
++{
++    ngx_http_ssl_srv_conf_t *sscf = conf;
++    ngx_str_t               *value;
++
++    if (sscf->pass_phrase_dialog.data){
++        return "is duplicate";
++    }
++
++    value = cf->args->elts;
++
++    sscf->pass_phrase_dialog = value[1];
++
++    if (sscf->pass_phrase_dialog.len == 0) {
++        return NGX_CONF_OK;
++    } else if (sscf->pass_phrase_dialog.len > NGX_SSL_PASS_PHRASE_ARG_MAX_LEN) {
++        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog argument length exceeded maximum possible length: %d",
++            NGX_SSL_PASS_PHRASE_ARG_MAX_LEN);
++
++        return NGX_CONF_ERROR;
++    }
++
++    return NGX_CONF_OK;
++}
+ 
+ #if (NGX_QUIC_OPENSSL_COMPAT)
+ 
+diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
+index c69c8ff..79f1506 100644
+--- a/src/http/modules/ngx_http_ssl_module.h
++++ b/src/http/modules/ngx_http_ssl_module.h
+@@ -62,6 +62,8 @@ typedef struct {
+     ngx_flag_t                      stapling_verify;
+     ngx_str_t                       stapling_file;
+     ngx_str_t                       stapling_responder;
++
++    ngx_str_t                       pass_phrase_dialog;
+ } ngx_http_ssl_srv_conf_t;
+ 
+ 
+diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
+index c1731ff..ab9d98a 100644
+--- a/src/http/modules/ngx_http_uwsgi_module.c
++++ b/src/http/modules/ngx_http_uwsgi_module.c
+@@ -2567,7 +2567,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
+             if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
+                                     &uwcf->upstream.ssl_certificate->value,
+                                     &uwcf->upstream.ssl_certificate_key->value,
+-                                    uwcf->upstream.ssl_passwords)
++                                    uwcf->upstream.ssl_passwords, NULL)
+                 != NGX_OK)
+             {
+                 return NGX_ERROR;
+diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
+index aebb4cc..5d95f44 100644
+--- a/src/mail/ngx_mail_ssl_module.c
++++ b/src/mail/ngx_mail_ssl_module.c
+@@ -13,6 +13,7 @@
+ #define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
+ #define NGX_DEFAULT_ECDH_CURVE  "auto"
+ 
++static ngx_str_t ngx_ssl_server_null = ngx_string(NGX_SSL_SERVER_NULL);
+ 
+ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
+@@ -33,6 +34,8 @@ static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
+ static char *ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post,
+     void *data);
+ 
++static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd,
++    void *conf);
+ 
+ static ngx_conf_enum_t  ngx_mail_starttls_state[] = {
+     { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
+@@ -202,6 +205,13 @@ static ngx_command_t  ngx_mail_ssl_commands[] = {
+       offsetof(ngx_mail_ssl_conf_t, conf_commands),
+       &ngx_mail_ssl_conf_command_post },
+ 
++    { ngx_string("ssl_pass_phrase_dialog"),
++      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
++      ngx_conf_set_pass_phrase_dialog,
++      NGX_MAIL_SRV_CONF_OFFSET,
++      offsetof(ngx_mail_ssl_conf_t, pass_phrase_dialog),
++      NULL },
++
+       ngx_null_command
+ };
+ 
+@@ -330,6 +340,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+ {
+     ngx_mail_ssl_conf_t *prev = parent;
+     ngx_mail_ssl_conf_t *conf = child;
++    ngx_mail_core_srv_conf_t           *cscf;
++    ngx_ssl_ppdialog_conf_t             dlg;
+ 
+     char                *mode;
+     ngx_pool_cleanup_t  *cln;
+@@ -372,6 +384,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+ 
+     ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
+ 
++    ngx_conf_merge_str_value(conf->pass_phrase_dialog,
++                         prev->pass_phrase_dialog, NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
+ 
+     conf->ssl.log = cf->log;
+ 
+@@ -430,6 +444,29 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+     cln->handler = ngx_ssl_cleanup_ctx;
+     cln->data = &conf->ssl;
+ 
++    /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
++    if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){
++       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data);
++    } else if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)NGX_SSL_PASS_PHRASE_DEFAULT_VAL,
++               sizeof(NGX_SSL_PASS_PHRASE_DEFAULT_VAL)) != 0){
++
++       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog config directive accepts only the following "
++            "values: %s | exec:filepath", NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
++
++       return NGX_CONF_ERROR;
++    }
++
++    cscf = ngx_mail_conf_get_module_srv_conf(cf, ngx_mail_core_module);
++
++    dlg.data = &conf->pass_phrase_dialog;
++    if (cscf->server_name.len != 0) {
++        dlg.server = &cscf->server_name;
++    } else {
++        dlg.server = &ngx_ssl_server_null;
++    }
++
+ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+     SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL);
+ #endif
+@@ -442,7 +479,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+     }
+ 
+     if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
+-                             conf->certificate_keys, conf->passwords)
++                             conf->certificate_keys, conf->passwords, &dlg)
+         != NGX_OK)
+     {
+         return NGX_CONF_ERROR;
+@@ -692,3 +729,30 @@ ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
+     return NGX_CONF_OK;
+ #endif
+ }
++
++static char *
++ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
++{
++    ngx_mail_ssl_conf_t     *sscf = conf;
++    ngx_str_t               *value;
++
++    if (sscf->pass_phrase_dialog.data){
++        return "is duplicate";
++    }
++
++    value = cf->args->elts;
++
++    sscf->pass_phrase_dialog = value[1];
++
++    if (sscf->pass_phrase_dialog.len == 0) {
++        return NGX_CONF_OK;
++    } else if (sscf->pass_phrase_dialog.len > NGX_SSL_PASS_PHRASE_ARG_MAX_LEN) {
++        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog argument length exceeded maximum possible length: %d",
++            NGX_SSL_PASS_PHRASE_ARG_MAX_LEN);
++
++        return NGX_CONF_ERROR;
++    }
++
++    return NGX_CONF_OK;
++}
+diff --git a/src/mail/ngx_mail_ssl_module.h b/src/mail/ngx_mail_ssl_module.h
+index c0eb6a3..02b4d4f 100644
+--- a/src/mail/ngx_mail_ssl_module.h
++++ b/src/mail/ngx_mail_ssl_module.h
+@@ -56,6 +56,8 @@ typedef struct {
+ 
+     u_char          *file;
+     ngx_uint_t       line;
++
++    ngx_str_t        pass_phrase_dialog;
+ } ngx_mail_ssl_conf_t;
+ 
+ 
+diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
+index ed275c0..1747aed 100644
+--- a/src/stream/ngx_stream_proxy_module.c
++++ b/src/stream/ngx_stream_proxy_module.c
+@@ -2305,7 +2305,7 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
+             if (ngx_ssl_certificate(cf, pscf->ssl,
+                                     &pscf->ssl_certificate->value,
+                                     &pscf->ssl_certificate_key->value,
+-                                    pscf->ssl_passwords)
++                                    pscf->ssl_passwords, NULL)
+                 != NGX_OK)
+             {
+                 return NGX_ERROR;
+diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
+index ba44477..43cd7e0 100644
+--- a/src/stream/ngx_stream_ssl_module.c
++++ b/src/stream/ngx_stream_ssl_module.c
+@@ -17,6 +17,8 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
+ #define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
+ #define NGX_DEFAULT_ECDH_CURVE  "auto"
+ 
++#define NGX_SSL_STREAM_NAME             "NGX_STREAM_SSL_MODULE"
++static ngx_str_t ngx_ssl_stream_default_name = ngx_string(NGX_SSL_STREAM_NAME);
+ 
+ static ngx_int_t ngx_stream_ssl_handler(ngx_stream_session_t *s);
+ static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl,
+@@ -57,6 +59,9 @@ static char *ngx_stream_ssl_alpn(ngx_conf_t *cf, ngx_command_t *cmd,
+ static char *ngx_stream_ssl_conf_command_check(ngx_conf_t *cf, void *post,
+     void *data);
+ 
++static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd,
++    void *conf);
++
+ static ngx_int_t ngx_stream_ssl_init(ngx_conf_t *cf);
+ 
+ 
+@@ -233,6 +238,13 @@ static ngx_command_t  ngx_stream_ssl_commands[] = {
+       0,
+       NULL },
+ 
++    { ngx_string("ssl_pass_phrase_dialog"),
++      NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
++      ngx_conf_set_pass_phrase_dialog,
++      NGX_STREAM_SRV_CONF_OFFSET,
++      offsetof(ngx_stream_ssl_srv_conf_t, pass_phrase_dialog),
++      NULL },
++
+       ngx_null_command
+ };
+ 
+@@ -802,6 +814,7 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+ {
+     ngx_stream_ssl_srv_conf_t *prev = parent;
+     ngx_stream_ssl_srv_conf_t *conf = child;
++    ngx_ssl_ppdialog_conf_t    dlg;
+ 
+     ngx_pool_cleanup_t  *cln;
+ 
+@@ -846,6 +859,8 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+ 
+     ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
+ 
++    ngx_conf_merge_str_value(conf->pass_phrase_dialog,
++                         prev->pass_phrase_dialog, NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
+ 
+     conf->ssl.log = cf->log;
+ 
+@@ -879,6 +894,23 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+     cln->handler = ngx_ssl_cleanup_ctx;
+     cln->data = &conf->ssl;
+ 
++    /** directive format: ssl_pass_phrase_dialog builtin|exec:filepath */
++    if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)"exec:", 5) == 0){
++       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog config directive SET: %s ", conf->pass_phrase_dialog.data);
++    } else if (ngx_strncasecmp(conf->pass_phrase_dialog.data, (u_char *)NGX_SSL_PASS_PHRASE_DEFAULT_VAL,
++               sizeof(NGX_SSL_PASS_PHRASE_DEFAULT_VAL)) != 0){
++
++       ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog config directive accepts only the following "
++            "values: %s | exec:filepath", NGX_SSL_PASS_PHRASE_DEFAULT_VAL);
++
++       return NGX_CONF_ERROR;
++    }
++
++    dlg.data = &conf->pass_phrase_dialog;
++    dlg.server = &ngx_ssl_stream_default_name;
++
+ #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+     SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
+                                            ngx_stream_ssl_servername);
+@@ -923,7 +955,7 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+         /* configure certificates */
+ 
+         if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
+-                                 conf->certificate_keys, conf->passwords)
++                                 conf->certificate_keys, conf->passwords, &dlg)
+             != NGX_OK)
+         {
+             return NGX_CONF_ERROR;
+@@ -1371,3 +1403,30 @@ ngx_stream_ssl_init(ngx_conf_t *cf)
+ 
+     return NGX_OK;
+ }
++
++static char *
++ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
++{
++    ngx_stream_ssl_srv_conf_t *sscf = conf;
++    ngx_str_t                 *value;
++
++    if (sscf->pass_phrase_dialog.data){
++        return "is duplicate";
++    }
++
++    value = cf->args->elts;
++
++    sscf->pass_phrase_dialog = value[1];
++
++    if (sscf->pass_phrase_dialog.len == 0) {
++        return NGX_CONF_OK;
++    } else if (sscf->pass_phrase_dialog.len > NGX_SSL_PASS_PHRASE_ARG_MAX_LEN) {
++        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
++            "ssl_pass_phrase_dialog argument length exceeded maximum possible length: %d",
++            NGX_SSL_PASS_PHRASE_ARG_MAX_LEN);
++
++        return NGX_CONF_ERROR;
++    }
++
++    return NGX_CONF_OK;
++}
+diff --git a/src/stream/ngx_stream_ssl_module.h b/src/stream/ngx_stream_ssl_module.h
+index 6f6d9ae..870640d 100644
+--- a/src/stream/ngx_stream_ssl_module.h
++++ b/src/stream/ngx_stream_ssl_module.h
+@@ -53,6 +53,8 @@ typedef struct {
+ 
+     ngx_flag_t       session_tickets;
+     ngx_array_t     *session_ticket_keys;
++
++    ngx_str_t        pass_phrase_dialog;
+ } ngx_stream_ssl_srv_conf_t;
+ 
+ 
+-- 
+2.44.0
+

0004-Disable-ENGINE-support.patch

@@ -0,0 +1,96 @@
+From 5dd0765607135a418289bc4a20060f31eeaede73 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
+Date: Tue, 2 Jul 2024 18:29:18 +0200
+Subject: [PATCH] Disable ENGINE support
+
+---
+ auto/options                  | 3 +++
+ configure                     | 4 ++++
+ src/event/ngx_event_openssl.c | 7 +++----
+ src/event/ngx_event_openssl.h | 2 +-
+ 4 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/auto/options b/auto/options
+index 6a6e990..3cc983d 100644
+--- a/auto/options
++++ b/auto/options
+@@ -45,6 +45,8 @@ USE_THREADS=NO
+ 
+ NGX_FILE_AIO=NO
+ 
++NGX_SSL_NO_ENGINE=NO
++
+ QUIC_BPF=NO
+ 
+ HTTP=YES
+@@ -373,6 +375,7 @@ use the \"--with-mail_ssl_module\" option instead"
+ 
+         --with-openssl=*)                OPENSSL="$value"           ;;
+         --with-openssl-opt=*)            OPENSSL_OPT="$value"       ;;
++        --without-engine)                NGX_SSL_NO_ENGINE=YES      ;;
+ 
+         --with-md5=*)
+             NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG
+diff --git a/configure b/configure
+index 5b88ebb..3a2129e 100755
+--- a/configure
++++ b/configure
+@@ -104,6 +104,10 @@ have=NGX_HTTP_UWSGI_TEMP_PATH value="\"$NGX_HTTP_UWSGI_TEMP_PATH\""
+ have=NGX_HTTP_SCGI_TEMP_PATH value="\"$NGX_HTTP_SCGI_TEMP_PATH\""
+ . auto/define
+ 
++if [ $NGX_SSL_NO_ENGINE = YES ]; then
++    have=NGX_SSL_NO_ENGINE . auto/have
++fi
++
+ . auto/make
+ . auto/lib/make
+ . auto/install
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 6f7f2a2..f939706 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -842,7 +842,7 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+ 
+     if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
+ 
+-#ifndef OPENSSL_NO_ENGINE
++#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
+ 
+         u_char  *p, *last;
+         ENGINE  *engine;
+@@ -6119,8 +6119,7 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle)
+ static char *
+ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+ {
+-#ifndef OPENSSL_NO_ENGINE
+-
++#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
+     ngx_openssl_conf_t *oscf = conf;
+ 
+     ENGINE     *engine;
+@@ -6170,7 +6169,7 @@ ngx_openssl_exit(ngx_cycle_t *cycle)
+ #if OPENSSL_VERSION_NUMBER < 0x10100003L
+ 
+     EVP_cleanup();
+-#ifndef OPENSSL_NO_ENGINE
++#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
+     ENGINE_cleanup();
+ #endif
+ 
+diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
+index 761f48d..c60b16d 100644
+--- a/src/event/ngx_event_openssl.h
++++ b/src/event/ngx_event_openssl.h
+@@ -20,7 +20,7 @@
+ #include <openssl/conf.h>
+ #include <openssl/crypto.h>
+ #include <openssl/dh.h>
+-#ifndef OPENSSL_NO_ENGINE
++#if !defined(OPENSSL_NO_ENGINE) && !defined(NGX_SSL_NO_ENGINE)
+ #include <openssl/engine.h>
+ #endif
+ #include <openssl/evp.h>
+-- 
+2.44.0
+

0005-Compile-perl-module-with-O2.patch

@@ -1,3 +1,12 @@
+From 1d10021f057d2047a044078a6af8e27af790ddec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
+Date: Wed, 31 Jul 2024 17:47:10 +0200
+Subject: [PATCH] Compile perl module with O2
+
+---
+ src/http/modules/perl/Makefile.PL | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
 diff --git a/src/http/modules/perl/Makefile.PL b/src/http/modules/perl/Makefile.PL
 index 7edadcb..2ebb7c4 100644
 --- a/src/http/modules/perl/Makefile.PL
@@ -11,3 +20,6 @@ index 7edadcb..2ebb7c4 100644
  
      LDDLFLAGS         => "$ENV{NGX_PM_LDFLAGS}",
  
+-- 
+2.44.0
+

README.dynamic

@@ -16,5 +16,5 @@ Prevent dynamic modules from being enabled automatically
 You may want to avoid dynamic modules being enabled automatically. Simply
 remove this line from the top of /etc/nginx/nginx.conf:
 
-    include /usr/lib64/nginx/modules/*.conf;
+    include /usr/share/nginx/modules/*.conf;
 

SOURCES/404.html

@@ -1,120 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-    <head>
-        <title>The page is not found</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-        <style type="text/css">
-            /*<![CDATA[*/
-            body {
-                background-color: #fff;
-                color: #000;
-                font-size: 0.9em;
-                font-family: sans-serif,helvetica;
-                margin: 0;
-                padding: 0;
-            }
-            :link {
-                color: #c00;
-            }
-            :visited {
-                color: #c00;
-            }
-            a:hover {
-                color: #f50;
-            }
-            h1 {
-                text-align: center;
-                margin: 0;
-                padding: 0.6em 2em 0.4em;
-                background-color: #900;
-                color: #fff;
-                font-weight: normal;
-                font-size: 1.75em;
-                border-bottom: 2px solid #000;
-            }
-            h1 strong {
-                font-weight: bold;
-                font-size: 1.5em;
-            }
-            h2 {
-                text-align: center;
-                background-color: #900;
-                font-size: 1.1em;
-                font-weight: bold;
-                color: #fff;
-                margin: 0;
-                padding: 0.5em;
-                border-bottom: 2px solid #000;
-            }
-            h3 {
-                text-align: center;
-                background-color: #ff0000;
-                padding: 0.5em;
-                color: #fff;
-            }
-            hr {
-                display: none;
-            }
-            .content {
-                padding: 1em 5em;
-            }
-            .alert {
-                border: 2px solid #000;
-            }
-
-            img {
-                border: 2px solid #fff;
-                padding: 2px;
-                margin: 2px;
-            }
-            a:hover img {
-                border: 2px solid #294172;
-            }
-            .logos {
-                margin: 1em;
-                text-align: center;
-            }
-            /*]]>*/
-        </style>
-    </head>
-
-    <body>
-        <h1><strong>nginx error!</strong></h1>
-
-        <div class="content">
-
-            <h3>The page you are looking for is not found.</h3>
-
-            <div class="alert">
-                <h2>Website Administrator</h2>
-                <div class="content">
-                    <p>Something has triggered missing webpage on your
-                    website. This is the default 404 error page for
-                    <strong>nginx</strong> that is distributed with
-                    Red Hat Enterprise Linux.  It is located
-                    <tt>/usr/share/nginx/html/404.html</tt></p>
-
-                    <p>You should customize this error page for your own
-                    site or edit the <tt>error_page</tt> directive in
-                    the <strong>nginx</strong> configuration file
-                    <tt>/etc/nginx/nginx.conf</tt>.</p>
-
-                    <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
-
-                </div>
-            </div>
-
-            <div class="logos">
-                <a href="http://nginx.net/"><img
-                    src="nginx-logo.png" 
-                    alt="[ Powered by nginx ]"
-                    width="121" height="32" /></a>
-                <a href="http://www.redhat.com/"><img
-                    src="poweredby.png"
-                    alt="[ Powered by Red Hat Enterprise Linux ]"
-                    width="88" height="31" /></a>
-            </div>
-        </div>
-    </body>
-</html>

SOURCES/50x.html

@@ -1,120 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-    <head>
-        <title>The page is temporarily unavailable</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-        <style type="text/css">
-            /*<![CDATA[*/
-            body {
-                background-color: #fff;
-                color: #000;
-                font-size: 0.9em;
-                font-family: sans-serif,helvetica;
-                margin: 0;
-                padding: 0;
-            }
-            :link {
-                color: #c00;
-            }
-            :visited {
-                color: #c00;
-            }
-            a:hover {
-                color: #f50;
-            }
-            h1 {
-                text-align: center;
-                margin: 0;
-                padding: 0.6em 2em 0.4em;
-                background-color: #900;
-                color: #fff;
-                font-weight: normal;
-                font-size: 1.75em;
-                border-bottom: 2px solid #000;
-            }
-            h1 strong {
-                font-weight: bold;
-                font-size: 1.5em;
-            }
-            h2 {
-                text-align: center;
-                background-color: #900;
-                font-size: 1.1em;
-                font-weight: bold;
-                color: #fff;
-                margin: 0;
-                padding: 0.5em;
-                border-bottom: 2px solid #000;
-            }
-            h3 {
-                text-align: center;
-                background-color: #ff0000;
-                padding: 0.5em;
-                color: #fff;
-            }
-            hr {
-                display: none;
-            }
-            .content {
-                padding: 1em 5em;
-            }
-            .alert {
-                border: 2px solid #000;
-            }
-
-            img {
-                border: 2px solid #fff;
-                padding: 2px;
-                margin: 2px;
-            }
-            a:hover img {
-                border: 2px solid #294172;
-            }
-            .logos {
-                margin: 1em;
-                text-align: center;
-            }
-            /*]]>*/
-        </style>
-    </head>
-
-    <body>
-        <h1><strong>nginx error!</strong></h1>
-
-        <div class="content">
-
-            <h3>The page you are looking for is temporarily unavailable.  Please try again later.</h3>
-
-            <div class="alert">
-                <h2>Website Administrator</h2>
-                <div class="content">
-                    <p>Something has triggered missing webpage on your
-                    website. This is the default error page for
-                    <strong>nginx</strong> that is distributed with
-                    Red Hat Enterprise Linux.  It is located
-                    <tt>/usr/share/nginx/html/50x.html</tt></p>
-
-                    <p>You should customize this error page for your own
-                    site or edit the <tt>error_page</tt> directive in
-                    the <strong>nginx</strong> configuration file
-                    <tt>/etc/nginx/nginx.conf</tt>.</p>
-
-                    <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
-
-                </div>
-            </div>
-
-            <div class="logos">
-                <a href="http://nginx.net/"><img
-                    src="nginx-logo.png" 
-                    alt="[ Powered by nginx ]"
-                    width="121" height="32" /></a>
-                <a href="http://www.redhat.com/"><img
-                    src="poweredby.png"
-                    alt="[ Powered by Red Hat Enterprise Linux ]"
-                    width="88" height="31" /></a>
-            </div>
-        </div>
-    </body>
-</html>

SOURCES/index.html

@@ -1,117 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-    <head>
-        <title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-        <style type="text/css">
-            /*<![CDATA[*/
-            body {
-                background-color: #fff;
-                color: #000;
-                font-size: 0.9em;
-                font-family: sans-serif,helvetica;
-                margin: 0;
-                padding: 0;
-            }
-            :link {
-                color: #c00;
-            }
-            :visited {
-                color: #c00;
-            }
-            a:hover {
-                color: #f50;
-            }
-            h1 {
-                text-align: center;
-                margin: 0;
-                padding: 0.6em 2em 0.4em;
-                background-color: #900;
-                color: #fff;
-                font-weight: normal;
-                font-size: 1.75em;
-                border-bottom: 2px solid #000;
-            }
-            h1 strong {
-                font-weight: bold;
-                font-size: 1.5em;
-            }
-            h2 {
-                text-align: center;
-                background-color: #900;
-                font-size: 1.1em;
-                font-weight: bold;
-                color: #fff;
-                margin: 0;
-                padding: 0.5em;
-                border-bottom: 2px solid #000;
-            }
-            hr {
-                display: none;
-            }
-            .content {
-                padding: 1em 5em;
-            }
-            .alert {
-                border: 2px solid #000;
-            }
-
-            img {
-                border: 2px solid #fff;
-                padding: 2px;
-                margin: 2px;
-            }
-            a:hover img {
-                border: 2px solid #294172;
-            }
-            .logos {
-                margin: 1em;
-                text-align: center;
-            }
-            /*]]>*/
-        </style>
-    </head>
-
-    <body>
-        <h1>Welcome to <strong>nginx</strong> on Red Hat Enterprise Linux!</h1>
-
-        <div class="content">
-            <p>This page is used to test the proper operation of the
-            <strong>nginx</strong> HTTP server after it has been
-            installed. If you can read this page, it means that the
-            web server installed at this site is working
-            properly.</p>
-
-            <div class="alert">
-                <h2>Website Administrator</h2>
-                <div class="content">
-                    <p>This is the default <tt>index.html</tt> page that
-                    is distributed with <strong>nginx</strong> on
-                    Red Hat Enterprise Linux.  It is located in
-                    <tt>/usr/share/nginx/html</tt>.</p>
-
-                    <p>You should now put your content in a location of
-                    your choice and edit the <tt>root</tt> configuration
-                    directive in the <strong>nginx</strong>
-                    configuration file
-                    <tt>/etc/nginx/nginx.conf</tt>.</p>
-
-                    <p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
-
-                </div>
-            </div>
-
-            <div class="logos">
-                <a href="http://nginx.net/"><img
-                    src="nginx-logo.png" 
-                    alt="[ Powered by nginx ]"
-                    width="121" height="32" /></a>
-                <a href="http://www.redhat.com/"><img
-                    src="poweredby.png"
-                    alt="[ Powered by Red Hat Enterprise Linux ]"
-                    width="88" height="31" /></a>
-            </div>
-        </div>
-    </body>
-</html>

SOURCES/nginx-1.14.0-logs-perm.patch

@@ -1,13 +0,0 @@
-diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c
-index aee7a58..bcceecb 100644
---- a/src/core/ngx_cycle.c
-+++ b/src/core/ngx_cycle.c
-@@ -1108,7 +1108,7 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user)
-         }
- 
-         fd = ngx_open_file(file[i].name.data, NGX_FILE_APPEND,
--                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS);
-+                           NGX_FILE_CREATE_OR_OPEN, NGX_FILE_DEFAULT_ACCESS | 0220);
- 
-         ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
-                        "reopen file \"%s\", old:%d new:%d",

SOURCES/nginx-1.16.0-enable-tls1v3-by-default.patch

@@ -1,157 +0,0 @@
-diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
-index 345914f..d23967f 100644
---- a/src/event/ngx_event_openssl.c
-+++ b/src/event/ngx_event_openssl.c
-@@ -252,6 +252,8 @@ ngx_ssl_init(ngx_log_t *log)
- ngx_int_t
- ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
- {
-+    ngx_uint_t prot = NGX_SSL_NO_PROT;
-+
-     ssl->ctx = SSL_CTX_new(SSLv23_method());
- 
-     if (ssl->ctx == NULL) {
-@@ -316,49 +318,54 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
- 
-     SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x009080dfL
--    /* only in 0.9.8m+ */
--    SSL_CTX_clear_options(ssl->ctx,
--                          SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
--#endif
--
--    if (!(protocols & NGX_SSL_SSLv2)) {
--        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
--    }
--    if (!(protocols & NGX_SSL_SSLv3)) {
--        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
--    }
--    if (!(protocols & NGX_SSL_TLSv1)) {
--        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
--    }
--#ifdef SSL_OP_NO_TLSv1_1
--    SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
--    if (!(protocols & NGX_SSL_TLSv1_1)) {
--        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
--    }
-+    if (protocols){
-+#ifdef SSL_OP_NO_TLSv1_3
-+        if (protocols & NGX_SSL_TLSv1_3) {
-+            prot = TLS1_3_VERSION;
-+        } else
- #endif
- #ifdef SSL_OP_NO_TLSv1_2
--    SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
--    if (!(protocols & NGX_SSL_TLSv1_2)) {
--        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
--    }
-+        if (protocols & NGX_SSL_TLSv1_2) {
-+            prot =  TLS1_2_VERSION;
-+        } else
- #endif
--#ifdef SSL_OP_NO_TLSv1_3
--    SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
--    if (!(protocols & NGX_SSL_TLSv1_3)) {
--        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
--    }
-+#ifdef SSL_OP_NO_TLSv1_1
-+        if (protocols & NGX_SSL_TLSv1_1) {
-+            prot = TLS1_1_VERSION;
-+        } else
- #endif
-+        if (protocols & NGX_SSL_TLSv1) {
-+            prot = TLS1_VERSION;
-+        }
-+
-+        if (prot == NGX_SSL_NO_PROT) {
-+                    ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
-+                      "No SSL protocols available [hint: ssl_protocols]");
-+            return NGX_ERROR;
-+        }
- 
--#ifdef SSL_CTX_set_min_proto_version
--    SSL_CTX_set_min_proto_version(ssl->ctx, 0);
--    SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION);
-+        SSL_CTX_set_max_proto_version(ssl->ctx, prot);
-+
-+        /* Now, we have to scan for minimal protocol version,
-+         *without allowing holes between min and max*/
-+#if SSL_OP_NO_TLSv1_3
-+        if ((prot == TLS1_3_VERSION) && (protocols & NGX_SSL_TLSv1_2)) {
-+            prot = TLS1_2_VERSION;
-+        }
- #endif
- 
--#ifdef TLS1_3_VERSION
--    SSL_CTX_set_min_proto_version(ssl->ctx, 0);
--    SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
-+#ifdef SSL_OP_NO_TLSv1_1
-+        if ((prot == TLS1_2_VERSION) && (protocols & NGX_SSL_TLSv1_1)) {
-+            prot = TLS1_1_VERSION;
-+        }
-+#endif
-+#ifdef SSL_OP_NO_TLSv1_2
-+        if ((prot == TLS1_1_VERSION) && (protocols & NGX_SSL_TLSv1)) {
-+            prot = TLS1_VERSION;
-+        }
- #endif
-+        SSL_CTX_set_min_proto_version(ssl->ctx, prot);
-+    }
- 
- #ifdef SSL_OP_NO_COMPRESSION
-     SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
-diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
-index 61da0c5..fa7ac41 100644
---- a/src/event/ngx_event_openssl.h
-+++ b/src/event/ngx_event_openssl.h
-@@ -145,6 +145,7 @@ typedef struct {
- #endif
- 
- 
-+#define NGX_SSL_NO_PROT  0x0000
- #define NGX_SSL_SSLv2    0x0002
- #define NGX_SSL_SSLv3    0x0004
- #define NGX_SSL_TLSv1    0x0008
-diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
-index b3f8f47..8340a12 100644
---- a/src/http/modules/ngx_http_ssl_module.c
-+++ b/src/http/modules/ngx_http_ssl_module.c
-@@ -613,8 +613,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
-     ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
- 
-     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
--                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
--                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
-+                         0)
- 
-     ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
-                          NGX_SSL_BUFSIZE);
-diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
-index 5544f75..3316a4b 100644
---- a/src/mail/ngx_mail_ssl_module.c
-+++ b/src/mail/ngx_mail_ssl_module.c
-@@ -291,8 +291,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
-                          prev->prefer_server_ciphers, 0);
- 
-     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
--                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
--                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
-+                         0);
- 
-     ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
-     ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
-diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
-index ec9524e..37af046 100644
---- a/src/stream/ngx_stream_ssl_module.c
-+++ b/src/stream/ngx_stream_ssl_module.c
-@@ -625,8 +625,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
-                          prev->prefer_server_ciphers, 0);
- 
-     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
--                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
--                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
-+                         0);
- 
-     ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
-     ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);

SOURCES/nginx-1.16.0-pkcs11.patch

@@ -1,29 +0,0 @@
-diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
-index 7be4fb4..ab3865a 100644
---- a/src/event/ngx_event_openssl.c
-+++ b/src/event/ngx_event_openssl.c
-@@ -727,16 +727,24 @@ ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
-             return NULL;
-         }
- 
-+        if (!ENGINE_init(engine)) {
-+            *err = "ENGINE_init() failed";
-+            ENGINE_free(engine);
-+            return NULL;
-+        }
-+
-         *last++ = ':';
- 
-         pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
- 
-         if (pkey == NULL) {
-             *err = "ENGINE_load_private_key() failed";
-+            ENGINE_finish(engine);
-             ENGINE_free(engine);
-             return NULL;
-         }
- 
-+        ENGINE_finish(engine);
-         ENGINE_free(engine);
- 
-         return pkey;

SOURCES/nginx-auto-cc-gcc.patch

@@ -1,13 +0,0 @@
---- auto/cc/gcc.orig	2007-03-22 08:34:53.000000000 -0600
-+++ auto/cc/gcc	2007-03-22 08:58:47.000000000 -0600
-@@ -172,7 +172,9 @@
- 
- 
- # stop on warning
--CFLAGS="$CFLAGS -Werror"
-+# This combined with Fedora's FORTIFY_SOURCE=2 option causes it nginx
-+# to not compile.
-+#CFLAGS="$CFLAGS -Werror"
- 
- # debug
- CFLAGS="$CFLAGS -g"

arut.key

@@ -0,0 +1,114 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGYXyiQBEAC4jm1y+ODV4+YDGj9vp2BgHB4FJeQdgrBiVX+Mb2qCrEqJgeKV
+fVwKjkVYqnb76TTybdOKqCP5wdQrncKAKlXsMq6sdsiwPSrdRcjkeiE29WWrtbB4
+i+VObnoWklMblMxFQ1XQIkjs2wviidKjJw2VV3i4XnLSrHhWaWqviTLZCMQymoPs
+F+Tfu1WX9OUfOquekZ5KjkyBxB4ep6+NPeuIkPnW0SiTUhU8tbi8v0aBZEHSZLqE
+mq8KLROVuYSPvtU+NtaXAM09BHEVCfb409aDps9p6AFT+IN8yoOegGdEZjp6hJvS
+HxbhuwqNEtg4dTEV515YUCgKabqU1QaqI/Y0+Pdkpep1KRFc9YUYttDkCw7Ybu2u
+fwTGzwAbD+ThAIOdzmMDodzZaEMf+9fQG4bnO1PdNbXzyP7Kv9qzGa65+9oGCPOS
+qTpISR8pvzoI8w/Z/vG71ob/nQ6Xm0L986ksErdGhu16ZI7lW2eDYqy2IoFfbeSz
+HHxk484/pEibrlCRbP2Id+zULfxo1HGOGg+PAY9Q2uNzABsGDMnOhIvXHS+hP7oB
+sO9A4Prqu6K6cMp3QI219tmmOUegJpmGGPzoNgxR7H30wNcjZPv4PWr/c0fP70Ny
+ilgbdcEMDSHks30AmiuIvcUxo3A21p2nnpxsKAKYx42UJkyEK0HILMzcqwARAQAB
+tCZSb21hbiBBcnV0eXVueWFuIDxyLmFydXR5dW55YW5AZjUuY29tPokCTgQTAQgA
+OBYhBEM4eCXdsbuX7Da6XQB8jXwV2HNpBQJmF8pXAhsDBQsJCAcCBhUKCQgLAgQW
+AgMBAh4BAheAAAoJEAB8jXwV2HNppvQP/AjzdPKkGRzJkb1ioto/IEP1YhA/Eayk
+hvejJ0vyWVHXXH7FLW9fIZoApcsD1J8/7zIANm+62IfT3QNbL2R44IyhJB3AY22l
+t0ToLxodfugegF3NPYYyFOSRUoPD4g2T/dMCPOBX4MNEAnAlCmxAMaJNmQUO76IY
+GwELa3CH3Aqf7bthKy8P36G11hu7NgH6V9mVIRIpfnfpXFQIztj+vsWtswu4M5t7
+BNJwx4a2KTCVQpTdff5/0dO/5drQDxLbIg681WZk3Oe8Eu6nSc0Ud02NIkg1TQH/
+MryAp7o/ua3LRem+W/cktnT60p4uXPVZ3Rvg3zOmJSNJ+eIXY2+sDeZEPaROKldA
+IbnBacTsZjdswIlrbzinY8ZVRosaFlvHg/ESTBRItALHWCRdzOR1Wv1qy/PQfEEL
+qftDsCTQhssP1MHJWlejeqPlND3iT2vBDeOxqd6WhKuAc+L04iyBB6p867pwrgDF
+ecg82DPehsAnO2XBAFuIE/SLewkYm0B9HK7/J4LZqPwTAksPf/dnbMAmHWoBDqsu
+4U4U4SsJKsZ87R9ao8qO7IWCzHrXavHFmnbqweFfHToeKF/L4PB+tYoW3YmUOged
+CglpJv13bNWmRwL7+x8b7BwpVwClxHBHteDX4RIN5iPH9h20J4jIpzRa1kNJsTu1
+v4ZkqLWJlkiiiQEzBBABCAAdFiEEcziXMGntP0Q/TTffpk/VsXrbOagFAmYdpjsA
+CgkQpk/VsXrbOahISgf/U7ZO0yK0PsOcAFTB0TQBCNsAhxtJAEJoVoweuYiLk8jR
+0OeDRCy0BC//qWDLFT7NKuP50SM2u0Csbg+n6b0bdy+vXbbGVzIAYzG09rPYe2Q5
+qwqyAx+MMzyICXul9lGNU2qN2qjUXMb0mCWUhxwMvzRUeS7shT1CBhGrnpoYkY56
+NhWj7iG1BbLwYVQzDZC/Rp6rvwJQgZo7+DjaMjryGAEI0ujpUp8ywrPaJpwIuXDI
+D5BhcyUaEd3XOondHQNedlgERXHT4pN+oNMPWwN3+DeQYLS3FHiqyz05ZvoeWnao
+A2/fWNA+BqIdjilp/TDDI4Ef7c9hp13weaZggYB3M4kBMwQQAQgAHRYhBFc7/Ws9
+j7xkEHmmq6v1vYJ72b9iBQJmHabkAAoJEKv1vYJ72b9iDgoIAP1QJjl4ynLAV9Bo
+Ol4AAzxZ3x/2NEgLSnjLfhb/OduDxQlL9oPulWoLDG41xiZJkepEnQWmSsIYF6Xe
+RsAB+eREU2uCxqCvBXpyIs5npXvVDV2/PQuVEop7HByx6Hjr9XK8hugihnEi1p+9
+Ecbu+89fi93m3C/5uIIil46cHByjRZ+5Yy1UFUB/wsYud1qMcYmvDaqEo5AqWNcM
+gWUFhUfgGTtBbyvIWTeX0NHnrbzHP7lhmPfWsfOjAtO8PpM8Gz5RdNRq44DdRKdG
+uWVby/kni868H+8/tHalDR0I9/Mmg2Uax0eggTVpECv/4+xBduqSB2iPwgRnSzhZ
+6SVKJvKJAjMEEAEIAB0WIQT5TVS8DF1qZBfIzz/oLBEYr5TfbgUCZh5KVgAKCRDo
+LBEYr5TfbitgD/wMamMFfFZnPS7JS1NWEMb5fbhHob1EkmedIpbpRDXUtj0ksehW
+ZAEpmVF9btqS4B+B9tSK1VS2sy4XwEGodNVSGxdtF9W8+iAHAb6Hq1Z7ifWyb991
+Kt/pVk/8adxlU4G8h1fq0idhpnI8KvkAlPJR7+PoJOEN1+VdHS6tkE5LMTf6dF9F
+iVxKQczOS1b/GmfL3kYfu6UvI07ZuaP+90mOt/TZTwkzsWjRY2vofCIPSDY94rLj
+m6PmVFoU3PHLKW7yDz1YXkVE6SgQYGZ2bqB6OHJZnDXUTSHncHTbDVzZQekIs1lP
+V6e5N8Xo/VOpv28feKAsBqQ8ML53djmGUL0azjEz1g2kgPmTuZdKzZ5kcUsULdQV
+aRKcfyYD1oRpwwlw9GJAxliJHck1IdGGaCslrHtzkh3RMULlloAYitzD9jtKsrOj
+R19s+JK/tIfFZZ5gR5qhzgOL8WgkSrIaq2o9R4sigBz1IxnXXC573RDA2F5FAeE/
+K6EmAO+BqVkImZcmP1JsLtr+OM+jihXIILACEJwhOKPtZth9zrLYkXWB1nCaDxHp
+XEUpp6UPCQNgNX8NCghnJr5gis/SmYppgFlO9R9yZ7/LtP0tUX0CmhOeqGMnHt4R
+F8n8D7EBwMWvWjlUbsDkMKX4JORgojguHJZciWQC1gVRwJ0iTH/ImtzDnbQhUm9t
+YW4gQXJ1dHl1bnlhbiA8YXJ1dEBuZ2lueC5jb20+iQJOBBMBCAA4FiEEQzh4Jd2x
+u5fsNrpdAHyNfBXYc2kFAmYXyiQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA
+CgkQAHyNfBXYc2kRFw//VFuCnW3EwoLCWWgWCikgI9kbVDr0/Qiyf2Gb9sfOyzBN
+q/+ZGjTs7EqTHbYUiCTgjy8t0SNKizoCXjSWLToTAXhOeTY3wDuHkdc3C2OPMPgm
+HPGmdnfplmsZjj689sy0MTnlLmU/87texR/f3REAKtchVjo5AojuZxXJi+ryBvoz
+KXi82M1JaYlIr15T+OiRtfZ3cgfTkb5CRa0YRV7QQ1zhOiF0AFKVVikFwRuquphT
+y2cSLILLzOpwG/CjMJzO4VOASmGJmdicIfYSsZSzz37RrcfeYwR6quJ55Y9QF9IU
+fg5AHWufpXaf6FbMsW1U1mOq0tMvwvdcO+u5I5SBj6IkqO4zavmW/i5zkxaq96wF
+Qn6+oRkqHnNNn0hl/B4MWdEjDJsaDXfkQ3Snn4Bfl1JPT6cH2NDVYQn1siIOim/W
+G5lhGLNB1TOAVLHblQ2xILadK0T33y6lfRUV3BOW01BDoF0ndyd7LjG5Di/cjfSo
+1hvhTkW7QJGfzVV4IAAxEyHKlmgONfggZoplqukuPsq7eNNRPhvlZq632QXIqt6Y
+xE43Nk0O41rX/tWtB7eNcPvfNOc+sGljnCSwpRWyx9xO7plELVD9KdtcyHrIgora
+Flh7KsSbppSQ/iUKRNP+lfCQsMa1yrnQyxazss8OGlB7YpUJL4trQW35f/jXFD+J
+ATMEEAEIAB0WIQRzOJcwae0/RD9NN9+mT9Wxets5qAUCZh2mQQAKCRCmT9Wxets5
+qPBjB/0SDkET7h/Vw2PJKxuYujsL+tn3SKXshgyCM2u00njJM9TqpZbZV681unKM
+l8uHtj9b0Z4U0nHoNEC37wI5FJlxy1hLBw5f2fd/yi8LsD1KP2htjMUW+I2xjcdo
+FusQsIF0s8SyW1DZ3vvN2WcZpKHwub1sY9ZFBfxRc6w+33N4dJwXVXP57kj3Ci8j
+LDLfkaKyiuYgMtFYZiKKX0tfvaM5pXxLvLOzma9vwfjIMIllooZHDSI65jrbmMv0
+rfDKOX9Ws5Xi8n85jq6Oyq28QPLZUsmymCbhvBwq4FcdiyTl9sxCY4HLq0MzmJJ5
+DMhlFd2Ds3BopFTWCB2fvYyVoXRaiQEzBBABCAAdFiEEVzv9az2PvGQQeaarq/W9
+gnvZv2IFAmYdpugACgkQq/W9gnvZv2Jk4Qf+N0P/7FIHowlO01XmBB5KaztBmVb2
+Tj+jtYgPDHRf86O0kW40Rjx++zMlIRNWK4Ue5PKAi82Yue5uvZcVlpWpx/sMvL+N
+C4Xds3Q3qnkxkoemoIMqUKGvePjBpyUWArBkBQ3FrvZtywnzyFWNrvOpeM+5HIuz
+WBri/SHBHzQm1/Jl2r5pHcbUdSxB2o1v3f+SaS2vGxwigIf8v44pRfyeWgkoxYgN
++2zR0Ing6URZCYkAbwILsmmWGxJIuq+N9Xs1CQ1WZd5S78p/JBMDQ1prUDLCLFMc
+AvlZpQ0HvzEbKGiIVNa1LEQRF4ZWjQOHaPJhg/D3r/Q7VaFlgsOqrwtQaYkCMwQQ
+AQgAHRYhBPlNVLwMXWpkF8jPP+gsERivlN9uBQJmHkpZAAoJEOgsERivlN9u8fYQ
+AK0s0CvQNTXrg/Oe92Ajj+CpFIGhEUgXsufpg3OF+4doXOoRrVcv6y/0dGC+u899
+Qiz5rzP8JkgT3Bvs/oFbQnESX7zob/GuBiRAnaanQQGjQsc8tXUcIgIB8vZI6Hxr
+BZYyjXMrc1fAp1zy6F3YfVtjntp6Zt740zlcFSHPL6pKeNC8lCas7f7EPGm9ERlf
+XvPOsMyKVDRTrtYVrQ17pgmWzMFl9eYzAV81X/cK7O9BmTvLb9HB9THl9QM6iKWd
+UPNNhMseMA55i1y1trvv2rQSP2tm7xAijlffNu/LHyVjOJA+63rk9JqpQi2O/sI6
+naCZ5kLky3+OisbzJLtsIv3KWGF4jnpZJwPI97UbRAxrBCPd8BDXW06qQ0xfF9GA
+sW46IDnf5uNV5Fj9T1IhZUUCU6XwwhcTENwcaJ2hubPzW19gvxieRpxdvnXhjUxR
+UgqgFjtlpyBSABYr2REiaBTHkR1qVMa8tThpSyzfmfBNe9chBGQBdDMzTTUDf4dU
+cw4UGGPXqrBEapleoZBszXLrZxQxCNmLGFBW3vcJDfRRTvg/OMCIwD72kfd8KY1t
+SRRi5vQ3CvV8E0EEXshjxVk0fwS+5muM1thWZM4xCSgyH6Ka/5biMeUv1VNcKJne
+J51xs9jfS/JltrT/ahWG4J9msJFtmYyrLh/nMxccXK75uQINBGYXyiQBEAC5tT5O
+uysy75BcwAg8jIK+Cw6hNy+riOoCIzsMen8ps4tyDFLmRdpJmVOpmtvESaix2MHf
+Hc/t9hOsQ8LmF3kDG/JisDXcB/v28EOiDpp5Ug/5UOFBnbu4DkxbakJF8KF/rQ9t
+i29lt03saGCf2XbqzTLI6FvZ2TT8hDwAZF5aOtDEHV3ChBPn6gplnJADiZ9DioMZ
+ji1HnL8Zu4IYHMNOgpxULi6TMhBH/MkHbyycOdt/EsQFamnLGeV8KR2fubYjrpbH
+pLZzSRepQyvKIhHAFj6DUeDyEt2XAitxI8YI40IVO75Zu8ZZq0qYGML8Am+t6ZjJ
+3ZR8/DWjxRUYeo+YVEe5f+oRl5GRNkLtGvTAD38Nb2/7SUYdSXA3y3Ocfo/bySwa
+qggeFpDqK5eHXmrO4hvRqYoEyNyW4VQlGyvYq4s2cLeCF/S2w6dV8OFsksIoq8uq
+R1/IQ8Bonsf7iAYpsMAZZOGKiJzr01W3GA4Ka3B/MmZP5CysUhFlFxMsDr3/TWfg
+p3CHd5yGAnuWWWkjqVQzx0tcub3gyDsHCPuws8P2OKJ2lzNPqpp08MjYMMRZb4Y6
+9REXkKw7kXU8zM5+1IpW2U+z83NU86QR08PTpjATz05ltdGqF82Z+Ygl2nav8oqV
+RqNd/k+WE60e1eJmgykjmz6nPbm0S2jt1C7QLQARAQABiQI2BBgBCAAgFiEEQzh4
+Jd2xu5fsNrpdAHyNfBXYc2kFAmYXyiQCGwwACgkQAHyNfBXYc2mTihAAqB+sv9lw
+kRorE6iXwvvj2Dt2iIy7jc1AhZQOH/j7B4GHpV3Ej/ptdUwuzj/aX5EnEeDPZ2JU
+sSKy2q0RpKGKdKOvgy5yVfd8xqujkawXv26QU53mgyfgQCZLhFFhq0MIAqnxPb8h
+SCQeol18Wqs++LjeDMwkgMrHJeNhW2U2llqTS37YfRMOo0Vr022ZHlMlkyMz1sQH
++C2/nzmmtkI4+vlPeccoN+3239YzndW1+XM8S3dXNcsGTyLAbkCowfpuqQdIP0MY
+lBwx/Xj9fxBNAuqGVCjrjGMg7mozMkeCDzrAoZiaD3Kud8zSs9VpAyAymrPQJSSS
+96b+vr2mDKbV11QJeJZv/d02n4JMjK7Ai//3j/TqkJF4UoYH45g5hvGSrym1UKrf
+n8TqHdtTFjcxAMXLbWICHdDk7/0ole8Bl8csiSHyKy/sGJ0b/7zcB88CS8OfsR3C
+OanK13emeD6rHOp8wEWA1/PA1JoAC5suS/uIgPWa5ujLaViJ9pW6ohfzMqOtLABF
+BB/FgD/qgPF+uTPPLQZw3XO8Q61kFq6x0RJGNgBEOpseounx+T6FCxZqrvjWm/WK
+VQUiRBtJIvD7Z8UCP+NUzdj3hwLAXpXrPz0gkcbI+hdlTJHCC6i61Qf5OIWnhtw6
+kZv2zEcTtzlAYNEumy8KrJzICmPLS7BEC8w=
+=ilJ3
+-----END PGP PUBLIC KEY BLOCK-----

instance.conf

@@ -0,0 +1,20 @@
+#
+# This is an example instance-specific configuration file.
+#
+# To use this example, copy instance.conf to /etc/nginx/foobar.conf
+# and replace all the references to @INSTANCE@, for example using:
+#
+#   # sed s/@INSTANCE@/foobar/g < instance.conf > /etc/nginx/foobar.conf
+#
+# This new configuration file be used instead of /etc/nginx/nginx.conf
+# when running:
+#
+#   # systemctl start nginx@foobar.service
+#
+# This example configuration adjust the location of the PID file,
+# access and error logs to be instance-specific.  Further
+# customisations will be required for an instance to run
+# simultaneously to nginx.service under the default configuration,
+# e.g. changing the port and root directory as appropriate.
+#
+

macros.nginxmods.in

@@ -0,0 +1,20 @@
+%_nginx_abiversion @@NGINX_ABIVERSION@@
+%_nginx_srcdir @@NGINX_SRCDIR@@
+%_nginx_buildsrcdir nginx-src
+%_nginx_modsrcdir ..
+%_nginx_modbuilddir ../%{_vpath_builddir}
+%nginx_moddir @@NGINX_MODDIR@@
+%nginx_modconfdir @@NGINX_MODCONFDIR@@
+
+%nginx_modrequires Requires: nginx(abi) = %{_nginx_abiversion}
+
+%nginx_modconfigure(:-:) \\\
+  %undefine _strict_symbol_defs_build \
+  cp -a "%{_nginx_srcdir}" "%{_nginx_buildsrcdir}" \
+  cd "%{_nginx_buildsrcdir}" \
+  nginx_ldopts="$RPM_LD_FLAGS -Wl,-E" \
+  ./configure --with-compat --with-cc-opt="%{optflags} $(pcre-config --cflags)" --with-ld-opt="$nginx_ldopts" \\\
+              --add-dynamic-module=$(realpath %{_nginx_modsrcdir}) --builddir=$(realpath %{_nginx_modbuilddir}) %{**} \
+  cd -
+
+%nginx_modbuild %{__make} -C "%{_nginx_buildsrcdir}" %{_make_output_sync} %{?_smp_mflags} %{_make_verbose} modules

maxim.key

@@ -0,0 +1,81 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF4TqFoBEADNbls05thIAYVVKdMDRdtzGk7HXGqx60u/kh4BL9HskUpyYFTp
+N07RJ1TyyusfD7I3skuGHvtQhqdTwHPDEPL5qrAnHps9XWUQrtU7hflcIKt43iDe
+TvfVVhN0nPir2++C4qvNnrC/UCisyz00H/I9mobl2qzyKyLT8BnUBVuXDfOTlUCY
+oF4z5BieOMvg1DZNKFDnK67ZuO4JXgtMlu4Q3tFd7qSWCWGuCuAGgn6eWFYMzCbB
+rPyBYwb7xyycQzqmJiD7Qm9OeVHmZj5rG5hGM14MyTSUVJle0U+CJCF9lmfVuR/c
+ySy7WmQgIg327x5Y5xa3pKZAvIAycnDabAk/08p59BG7UdAi2S7+2SicAH89/81V
+g4BI4mZp+IuxaP+S+ckaRf1CUvRAJuLTqUeBSuOzjag+ibD6rqusuZ1MZqLxnXyu
+gAztNDcmEFa/pqp5bgWbrlTF6zKt4cQf+a/JqFGatsfSzmrIyIZ6GEqgb8oXDDIt
+Z1AqsTfp6ZBC1vITE9+b0zBw6qq/nGD0Iq47Vp1VxmlxmnoeR4ir8z/oSukPulLU
+K3IqkmRNGEilINrtBt5jFbBlx8kwdCYvxEF6ymibBBqvwwv65jrrKheBQm+HrrVS
+aMQmo4Qzj/h/ZLL9KENHibNwUypJnvwEvw0YkAyjICvoNzDUsM+92+B/ewARAQAB
+tCFNYXhpbSBLb25vdmFsb3YgPG1heGltQG5naW54LmNvbT6JAlcEEwEKAEECGwMF
+CwkIBwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQRB25JxPTv0v/PukQacXn+i9Ul3
+1AUCY88PtQUJDSXXWwAKCRCcXn+i9Ul31EA9D/9RvgNAn+StYCRAJATj1MhmPN/a
+DP7DgqBvxjxAQVJtEbVypN0gGNi/pE7AjCG53wtCQaABAaSGikViOUFJu39VSj+a
+NyW1JQ0XOhZNJ7pMq1S7mgq1ibrbfb7Vlys25xoUsps3vVXt9ciVGW8GQ57sDcpY
+8Yp4X4GFbrcgu67bebJVcfzG61JkFxrBIZ45jaMRS6xpGiwvQw6DcpO1SAI7TGPt
+3uhRfj3yU9v++/ULzHg7Zq5d74BCcu6o1O59/juPKcS4Bym+d7nlp/AXFiEPAI7v
+RfXvlzNDncA/s4msEqaT1fPDAG8E9m01Hl3uoCn87H5BBM88rk47PslixNamX8sX
+pftEPOD4QMFNY0GsVS6/9OIAetaq08R5XjhJoXS2Z7VJWqJYmu0800LpIzNljsEf
+9Vt0z/ROKtykSB58OQKIV6EqcA1Dts7TlVFFE5tERMszghBJP++VZ52W6pUAZtXH
+26GQzzqcMSfjjw6RpsuyofsKMX2xAG3+z2ZFHzaRLi7kXNKcomOZO1DgsREwkzYL
+lLeuwcOuZaMauHy/Rds1Wo99eg8+qcFd67sefZMDkgqGZ+xE3+4qwZNBhZLGg7Rq
+hLQI0d1Qmr7PgJfzvEnm8/+5sN4jsatv6glVfYYUTwB7PQDDqT+y8rsvKJYnNjqI
+mBmazculVduYimFZ74hdBBARCgAdFiEEZVBsAu/CUPG3o9aU7PDpCywXIIMFAl4T
+qXUACgkQ7PDpCywXIIN5CQCgyNFrUBGlUvH9QlDSE/umzoyXW/UAn0ve2/HzpMVN
+uPMAAgnHYE2R0eiEtCNNYXhpbSBLb25vdmFsb3YgPG1heGltQEZyZWVCU0Qub3Jn
+PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEHbknE9O/S/
+8+6RBpxef6L1SXfUBQJjzw/CBQkNJddbAAoJEJxef6L1SXfUZM0P/j8qRgh1x/d4
+IjdlsArTyL5vLJUFzK2s6DEBhDiLJ5ehU77CY9eakITFkzsUbq+BJ7nG6/s763Mq
+HQ/bVcVQwl0iOq7QICL1N3ficKKd3WAZuuzBxDO3/MT128MDWMKOUu2jZiStctuM
+OaLaw9JtdTwPTvHFkOb1Ji6YY0XhYyJoPd5LufooHRT7WF7TYGk05JIrxYaYWi8/
+Rd+GWnU8qKAmw3NQ305ia6xEaPi5rkl+zxS4+bfs+H9rJ1dRM+nCwXABr5Db1amL
+t3J6JmXRJLdhGq1ZuAIuO1Irdxe+e0cGSWkUaC+9s9OQcBAxfZ0QSEDrI3/NF362
+yKYsmolQwxhvnhlS6maL7ySUSdd5AVzucAX4q3aQ5qzruV+VI9gDZHvUAEwNn3qL
+H3zhs05LQ3lCM5lWOs78N8yVRyyfzwxK/f01DQfvXm9nLD1mXOz91B0lkaosflfF
+8bjqwS930P0aOiGzBJ29qiVIukmrKWpV8L89yUePdFp2Qt59/cLZub1K8S4VuIl+
+AaQpaT4TXE9jz9sprChmuE8vrusI0VYNF+M6ZM5OhVb6QfBX911k2esBiVWLbF9A
+1E04CIMiYUNc9q+uqqIotJmw1F8QrCZBMm4H3dZHmvYL2tXuiBfaGoc7NljGSJx4
+R9bo2E8xd+T+K8PE6jILbnHdtlZiZ3EjiF0EEBEKAB0WIQRlUGwC78JQ8bej1pTs
+8OkLLBcggwUCXhOpbwAKCRDs8OkLLBcgg/jfAKCO7DIiB2DGBfLCFftmyuZJN2A6
+ZgCfV/cclX++mLyiyYqr2BXnrQk4NVGJAk4EEwEKADgWIQRB25JxPTv0v/PukQac
+Xn+i9Ul31AUCXhOoqAIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCcXn+i
+9Ul31E1LD/4yIPvNAf0x57jvphENedjXzA0DQOnzGc5MVLVsyLw4zYMGJxP2CXYN
+dUIGBKssoWiUDnEEVF4BNnrkrVO7y9XKWrXhDKI0Q23rau+2TyQ5VLT7Bgsf2QL5
+d1H/gdQvToIIQUEITipW81TmFzZlQzjvuivDmcLnYGJQzrEY/4UdC8lzH2noC3PR
+mC9O98DQgKn72RV1YMAhSfmLFnLFjmZQTHKAbWnVNuPvt4/Hmd/kFem4TOznbtG1
+Fa3Hvlb04crLRKns7pf4QQCd/pAp4WjMVyWf4LX44xYziqV3xKVUObv4lKWNO3/P
+VUb2ka3hKwyIKXiVpqheOd48+c/Kcm/L8mdJdA6+SVrCKBzWRMYPBEfzAVqeaj40
+qsNMfbuUgUc+m5f/45UiwWCoQrK5q5lKf9sIQ6RU3Yln43XJ7hP2urgvlW5ZMkW6
+qGJ6G6ANVVT2jouqQaYIa2nvMTjEOXh2xzjSw132FHxfr417MeLhQS4JZurMVViA
+u2SyyLN5oTU2i3+EzhR3DluHMNDz1K9C6SkJJQ+vWAtBaCer/02uxqxqOEnbKxEg
+RWgKVrMRya/5vDp1Lz/PvR8tc3ne4Yd/OZdqSHFLXIofJStsIlKPnELdIuOg8R7X
+594W4XX94V3n12hiiCU+CPFBRL/4PZV8CtbLY5rNFCdpiiN+EP35rbkCDQReE6ha
+ARAA6aSKum1vKZRHYk/0Os97toQttTDhtwzHj+dCjVDIrGMOFR2BS6Lg6KrGaEyN
+PYiWAW9xiwx4uJgZr8R0GR1irgO0TBz77Z7JsVADXPoeuT6zF13yd43hrNRrmypW
+9TB6dDtQw9yVJAloTWdUYJkopXI2wrfpEmsTQl92YTXMpkVaZMJNn8P+FMKr6GMy
+kJX5VYVrPeHhL5exmIGAsHj7ObIePJToT55wQu8AehfAxsA+IXPOazzbgVzUEoeO
+dzwEHN9RV0gEaHE5U0cNKPejE+yIGe69KVAyUbHRg0vD+1N/D4IU6i3mj8oir2y9
+Snxb2Z2PqQpqoEs3GmMduFDK9VIrs7m5LrZ6YweRHCC7W2Y/3x3dsaVdGf5L7YwK
+7Kp0VorjQHq+eQ+demXmCATDwmgfXVqE14nm1fz8mlf/RpCZqm3sIrByAQslqn5C
+nyL8wVd5/sUr+cTSUUgv3miX262F39t5fp3P8QTDrWULXs6l3fLQ34PL54nTBtQt
+2AqtuVnQ/Gy6Yt4gIYuzv8873/edAclGOYVpUbXS3lsv/vuC9DiXsdy4tLUYYeH5
+EzoSwW66Koj5oVwMXJEhOWKDRBGrjL8LqeqFNYTJiuIiLwOronFeKySULVa9IiA/
+CrX+ayatuIpwlkU+g20xW053MvedozkhY5rb3RHnjUaOQRUAEQEAAYkCPAQYAQoA
+JgIbDBYhBEHbknE9O/S/8+6RBpxef6L1SXfUBQJjzwtWBQkNJdL8AAoJEJxef6L1
+SXfU/YEP/AnuEZX3l/5bIFauUvA496j9REgSUXvMZhHi7pTd3sjgVZvax/WJ+ZNQ
+N0sFHFSO0wjHJPpJw3LVBqq1LzuLz4jdnWwtD5XWEBybVbN8TblRMA5NhT/KzZW6
+4LF2r64UjMtm03ry8RGOvWlX56/qT7eD6QM8Xo4zL6g1W3+XID0+hQ7zwxSHZqUm
+It8LE90eTwcGAMVvZ4BJ58bWpujbMsFcWX9oIbDaaJD+hhI209a4znFmF4iOHdEd
+nLYwe0PiIn3+nyNzJ5EQ/Qvor65BagGYeVQE8BhaPi8vkr9PBY+tIY9pzj+jWB8f
+MuScfSyGlja1VhrlwMpB4VxcVBgFp31LN5NPn8XqIoOQBDqYA6JDfQtMznZtpb8H
+u2Tx7bmLwit6MrCu9q66yzYZZ5jg8onbG5QthLER3Qi+m8My7dSlAvruvXS+xoOH
+kLjtJ+wx2joVAnvf+VPLqlLJGeuNQP8Ji2EpMw73FIeWLakZKAZRHzQgiV3nGDFX
+98Wo6hmHbP0eU4NT8kFKte/PIsKUo5LBbZrb5S7MPWvqXDo2iKthaAqA+rxUY0Zu
+Rv+Ij5IqzTZyStejJGngIQlABi4jtSpf6LdRPW3GpNZ5pUi1DNmfmxVl4xmV5enE
+53YQML90r5jsKt/JloNWYEUd7nM+801WiCqlr7lltunhIYyMTA7C
+=5smL
+-----END PGP PUBLIC KEY BLOCK-----

nginx-1.26.3.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJHBAABCAAxFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoFAmejSkkTHHMua2FuZGF1
+cm92QGY1LmNvbQAKCRDIRk1UmvdcCjLpEADUp9kV6qDC42TDaxIAy6Vc9kDDXehN
+g2JE946SIaqTULq1wI7KhHIigGRPcyELOxLHu091pfW+IR81Ezj4eOC28ec8VcfP
+okZbymHRiDiWQrX+X5ylECxl8GdjTaHK0Pwc+uPQZgC3rA0atk4EnJREqA5G2Sla
+xpYBdRoWZoK00FJmmsuODOFLOdBhq/dWvRk/VH5wo9IaCqV4FDl6Y4QM+Zr/3wWs
+Te9vm2zg25oy+9eNJ32+e2rq01cSgBhG5U9p1vsjz5RikMyCCc5jhiCoPkoAejzm
+xMcTxv9rbmg9sVRQX6jbWDY1N63Vz/F1goLo67bV6PbXXqRTqrfVrcViKOz4K4IG
+uiwJe+MfNJayoE93N+AIkuBpHexevML/DNNREH2dlfP8oNCGuLHiHQk13DxRBxUc
+JHqMAcIx1Gmiv/RK6O9V6KqeUBUJyEoMDfVFSnl7SAbE5u5f/NWt/tjxmS3J28xt
+CWtVQVZXQ1du/tRGjZexv/Ux6H+qGOHFL2PH3kX5viSycL0adr59d1UgBTHOAm2Z
+txxR3o5VafMskeKY3p0kJDWconNExd2ro322S2eynOVMz6tlllmfjm8L/8jIQtuk
+1pzs8nUYq0H4dJ9lE7go5y3GhfaFguj+T2ff8JuorFsLJNrm4pBz2J6f8av70ULY
+UdZkcl07W46R5Q==
+=ZThc
+-----END PGP SIGNATURE-----

nginx-ssl-pass-dialog

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /bin/systemd-ask-password "Enter TLS private key passphrase for $1 ($2) : "

nginx.conf

@@ -4,7 +4,7 @@
 
 user nginx;
 worker_processes auto;
-error_log /var/log/nginx/error.log;
+error_log /var/log/nginx/error.log notice;
 pid /run/nginx.pid;
 
 # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
@@ -23,9 +23,8 @@ http {
 
     sendfile            on;
     tcp_nopush          on;
-    tcp_nodelay         on;
     keepalive_timeout   65;
-    types_hash_max_size 2048;
+    types_hash_max_size 4096;
 
     include             /etc/nginx/mime.types;
     default_type        application/octet-stream;
@@ -36,31 +35,21 @@ http {
     include /etc/nginx/conf.d/*.conf;
 
     server {
-        listen       80 default_server;
-        listen       [::]:80 default_server;
+        listen       80;
+        listen       [::]:80;
         server_name  _;
         root         /usr/share/nginx/html;
 
         # Load configuration files for the default server block.
         include /etc/nginx/default.d/*.conf;
-
-        location / {
-        }
-
-        error_page 404 /404.html;
-            location = /40x.html {
-        }
-
-        error_page 500 502 503 504 /50x.html;
-            location = /50x.html {
-        }
     }
 
 # Settings for a TLS enabled server.
 #
 #    server {
-#        listen       443 ssl http2 default_server;
-#        listen       [::]:443 ssl http2 default_server;
+#        listen       443 ssl;
+#        listen       [::]:443 ssl;
+#        http2        on;
 #        server_name  _;
 #        root         /usr/share/nginx/html;
 #
@@ -73,17 +62,6 @@ http {
 #
 #        # Load configuration files for the default server block.
 #        include /etc/nginx/default.d/*.conf;
-#
-#        location / {
-#        }
-#
-#        error_page 404 /404.html;
-#            location = /40x.html {
-#        }
-#
-#        error_page 500 502 503 504 /50x.html;
-#            location = /50x.html {
-#        }
 #    }
 
 }

nginx.logrotate

@@ -1,10 +1,11 @@
-/var/log/nginx/*log {
-    create 0664 nginx root
+/var/log/nginx/*.log {
+    create 0640 nginx root
     daily
     rotate 10
     missingok
     notifempty
     compress
+    delaycompress
     sharedscripts
     postrotate
         /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true

nginx.service

@@ -1,6 +1,7 @@
 [Unit]
 Description=The nginx HTTP and reverse proxy server
-After=network.target remote-fs.target nss-lookup.target
+After=network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
 
 [Service]
 Type=forking
@@ -11,7 +12,7 @@ PIDFile=/run/nginx.pid
 ExecStartPre=/usr/bin/rm -f /run/nginx.pid
 ExecStartPre=/usr/sbin/nginx -t
 ExecStart=/usr/sbin/nginx
-ExecReload=/bin/kill -s HUP $MAINPID
+ExecReload=/usr/sbin/nginx -s reload
 KillSignal=SIGQUIT
 TimeoutStopSec=5
 KillMode=mixed

nginx.sysusers

@@ -0,0 +1,3 @@
+#Type Name     ID             GECOS                 Home directory Shell
+g nginx -
+u nginx - "Nginx web server" /var/lib/nginx /sbin/nologin

nginx@.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=The nginx HTTP and reverse proxy server
+After=network-online.target remote-fs.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+Type=forking
+Environment=NGINX_INSTANCE=%i
+PIDFile=/run/nginx-%i.pid
+# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
+# SELinux context. This might happen when running `nginx -t` from the cmdline.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
+ExecStartPre=/usr/bin/rm -f /run/nginx-%i.pid
+ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/%i.conf
+ExecStart=/usr/sbin/nginx -c /etc/nginx/%i.conf
+ExecReload=/usr/sbin/nginx -s reload -c /etc/nginx/%i.conf
+KillSignal=SIGQUIT
+TimeoutStopSec=5
+KillMode=mixed
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target

nginxmods.attr

@@ -0,0 +1,14 @@
+%__nginxmods_requires() %{lua:
+    -- Match buildroot paths of the form
+    --    /PATH/OF/BUILDROOT/usr/lib/nginx/modules/  and
+    --    /PATH/OF/BUILDROOT/usr/lib64/nginx/modules/
+    -- generating a line of the form:
+    --    nginx(abi) = VERSION
+    local path = rpm.expand("%1")
+    if path:match("/usr/lib%d*/nginx/modules/.*") then
+        local requires = "nginx(abi) = " .. rpm.expand("%{_nginx_abiversion}")
+        print(requires)
+    end
+}
+
+%__nginxmods_path ^%{_prefix}/lib(64)?/nginx/modules/.*\\.so$

pluknet.key

@@ -0,0 +1,65 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGKE4psBEADpHSM/IxFD1nXBmnODYXzcl2A+6b6m9m1m2Y4Dlr0ed+y5Lxne
+QidE9I74A2KSm6+eHW2yh4i1ZwZbmwpmQqM+j5BMt7axoXOdKSyN+fYtUakzNbBN
+EDRKT79q/zIzkgTJradHkCQkwF1W3go+qPXjR2ZEnLma9dZED9VNI6PmOpeYaASo
+IkEfbKbwa/vPrvnDSSYY6Y02RXSRk5U1NvQgVUTJP9WGK7NlPUcTBDELLQv6fFPU
+kjBOel6MecsQ+v8iq4RJF2cbVF0hNjbAiNldjLV74Xd7yWVRlCbdb2agyvQjMNrD
+jHSvbEMiNB3R8yBHVW2Zldv8q0XjcwoDfdiZYFJe3lRUYmv6I2p+/DptD4r/3ILI
+peGZtSeOdQEw+vvODL/Ehq03anTrzcpZ6sDLfLrYJhYcrltj0/LMUnLDAjciwRUq
+XI46EfxwqsdLeqoZFQeO3LOFsh0kJKR2xOrUHIVy84NJ4Gmro6WmUkb1NfdjyHzF
+z8Lfbo46NKoTcwFsFF0q74jVVIVNUyIS91DusiMqLCsP8jqDOz/kyP4bOJQ+aUXf
+BANn4Ll1TFWsJ417moxz+Pi5sTaI0na8z2XB1N9WPsSml3FS75hJPJshN2T3VIea
+zB7GFWqk33ynSDt+cAisG5nsK9fFdcH+t5wm59oobyFbFhKxwX6ROuxlZwARAQAB
+tCRTZXJnZXkgS2FuZGF1cm92IDxwbHVrbmV0QG5naW54LmNvbT6JAk4EEwEKADgW
+IQTWeGzjA9mpAimY3GzIRk1UmvdcCgUCYoTimwIbAwULCQgHAwUVCgkICwUWAwIB
+AAIeAQIXgAAKCRDIRk1UmvdcCqbOD/9Htgk3mWvUFmrApkWQTIDNmLACZ1Sw1PXj
+Uqte8StYB0bYY+nmAXs7O5eC2h1ViParl7En1joEEMQQmH0qSnw4X1CM/hA8TAYW
+mBPITTNWo/R52WoyWeWGFnFNIperQmuIZc+pXm0VEFVPiX/2DXbCIu+jaXySvlCN
+LekmOD4VC7dJS8/ohoaXOR2T8ufS+1CsyPXomEb+COhqRZ3EVBa+k7pnElkFft3Y
+a1fR0AgatZFQpy+ukePhK7s/M5RGhDJWHgSAZFkf+X2jVV4NRJ+XsY80gU5DD2ZX
+QT6Je6Knxqk7FnWNSxkhReH6Ss5flZSoGDCmJ2AsPtGeUhus2fGqeN+waGKTZC35
+die2V4/cro1SWswSI6Y5GFDZT1olIUztPmSXU/A3oyizJI7XZybwUbpk5kK83VXm
+el3U/7Qr/VErlDWFefZWeUvT1RILZ8IRoNj4dv158RnKHt9G508A5qz4hUPKoSeq
+SiXhYwfkc31WPzIJ4ev+X5Ka2sG/CKbEMJ7qwc0Kadiu+ePPfqqbXjpTWRyrbcRM
+hRNcLNUi1SLWMBClOQG+5GNG1dPPHkbj4dO1OZuaUMwQdu8R8NlsGoVWS40bmVv5
+pXstzYCl7k/UnC/Ytlq61GeAoq8ILa6jGj0EWqlhvi0ZNMN+fROhzrRlTzIr/+WE
+Xf8EiVNFSbQlU2VyZ2V5IEthbmRhdXJvdiA8cy5rYW5kYXVyb3ZAZjUuY29tPokC
+TgQTAQoAOBYhBNZ4bOMD2akCKZjcbMhGTVSa91wKBQJihO2zAhsDBQsJCAcDBRUK
+CQgLBRYDAgEAAh4BAheAAAoJEMhGTVSa91wKgLQQANaf4UMndkWoefDQPkJ5qR4K
+fuV0WRz59riZEApTkVpPXzl8Y1i8Rgt9pa1v1i12vPyIXKav1rJXQcuDEzqrhQ2G
+yvuAE2U/t2mYaMUmwxWO2d8JA3slvBSgOkiYpbLooDizAdKMT5UQWGyw31Wm51iz
+HjoztebsyXeXgq9VDjv3D8LUBr/OY3Hguj6HV+zRtC95qgXYadW2FiCtvBK6RTDb
+iShTuseLSheGh9dZIUSnzaOiJpDA61ZDYtFZxSpe67vEzhSfHVsF+ZdCjoWhhVv+
++2wR4E0VQQtOM9uX1PMlZ5Ymr02/gidsXCM0ZjYXx4cDDhnq+nKomN64VloXWY9t
+PIi86XmzcSWlGUd+Ac6LyW7/f64bUWs4Ih0Idl0PF0sAr/6axKUsIs1nbn5MEtXk
+ZPAjcDLqLb9IIQaXRurm/il8v+bLXVBOJq33YUuGRuz8pu4vPA5Q97zglqhlIgbu
+prHMJ9hl5q39JwS3As2rK0o6Q9VVKr29rqSEfk4wEttvk0QMMU5zEvVl8MtqPj42
+qURqpHOadFbYMTwhUmRBUszRZPa5/pWqq0gWOtpyCWFVAsHFWQGJM1Eo6gGEyHZM
+YgBp+d29p2p409r1+06U67GBnXvUy0RyIpkLQtU+lyOJ6vvrBmmsDs/gc69GnlSC
+tZmCt0pLesJ7ZJzGdDkduQINBGKE4psBEADQr/enuDeVT11v6ejuYrg7aaZaGFUe
+3i28bQ4pRUKNfxs7zVYDDHi2i2bhS5j2yQnbsQtGcgoenw6lapmdQRzr4vjQAz9o
+kT6l4qpqvFFQM0wZTnigVDmmO9vTHR8Uk3iCKTd2ax3oko/xPWWYJautJ6ex8cOA
+coHSDeOjuIWSxCKq0BDFp6LoxkM8nuyLAX2cbhI3LncaZhVveMeN+Fmcsv+WpkKs
+yhX92umZuGwlraSyFy23FiRWSZPu9qVIxMMHvVrQJIgfhyWaHFzoF4M4qDoSKx92
+uWfUWgFwPOxOJ6/YcPsX4T8qTl9htmwPN0BibPTlcWaIFXtiU5bE1MivUPeACrI/
+gwUfCR3Mg+GYc13C6jzepREUhI7PLi3+A203PlMZd/aaSZkP6j+h4cwdapH5P4uF
+7T1EQ0MSdx3neAvu5p0IM6JpriwxfT3HsG+Y952T6MIeXcjNRebsBrygJhJ0/vyr
+wV5t8jL0yQty4CiE/QFnBs42l+rngi7K7Y1AZRBGK7JA09XaoLrfLmS+PrbYPsaJ
+flkM8GzUB7BBCLozxDHPzmPkf/A1w3XHZnYuZmS+pvjWCIoKpLQHI99oSUGho/TR
+gMRO4v7EAzluqCiepMl0xwFfHB115ND/mATazc4Pt6FxUsqffzfZrN01e1UVPrp5
+4x6YLO80JnOY6QARAQABiQI2BBgBCgAgFiEE1nhs4wPZqQIpmNxsyEZNVJr3XAoF
+AmKE4psCGwwACgkQyEZNVJr3XAp9ghAAgCgErxQYn/Lh/mzsxYXPnisggcBpceks
+mGw7knj1EGkXqq9CHn3EjCw8dB5N857UFlUr++DHwpFL5O36PRQo33RIUFbmBypG
+8C/xX1jWGu3xcaqS3P1ncsSSl6ckdvy9pjMxThm/RkXO0eJCn7FcanwPJXEB3Pbb
+mm0wLI2OXl/m7l5QAr7kErnPvGNzcbX6G35Q/MY8mumBWQ9H53R5ZPpi+OS40Wfn
+pZNKdh/Acwa7+2RokPqoOcJfxVdBOUigXTzb45qZgqEsSR7bkZAy2E80A/sJKPqs
+OGjp9cog3rBYyNBn5dasfR9KeBtluKnjUbzutXsQoKUSECY00YGrtneSXMku5hoE
+Dguk68w/L63ZApYHO/JTgJAYvqPOErAVUegPIw2CT1/2qi5vpClBcKkNS7RXrssA
+X+lElE0zbzX3bNG+lQuXby7jNUFYltkEiz6vTtc4HuHy8u40DHMswzkoDr0T8IE0
+7ZRAWXwV1nlA/dI337cHCsWMJyqem5wZZO13iqe07qaCg1uvBPeqDo81hOCn1us7
+l5SYRUTlt7KSFEHZ+Sx4bmVneAuRi5okaQdmrepy/ss/vVpRwWuQxsPkvT8boS7s
+mqOVsZFcNOuUJPUyOz1dHUL6FMYpk1dw+9n41gO4fLBzJekFTB/fxL6SRbYFWWn7
+x0VGHDmuaYQ=
+=HmVo
+-----END PGP PUBLIC KEY BLOCK-----

sb.key

@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (FreeBSD)
+
+mQENBE5E4vkBCADPkWWzk7W5cXOqeZ1ULNSj8nt5azbYjfQ8OyR2AaDW8J7oazYH
+reIHKid5uZVJxwr1uLoMloGiYTdy4XYIF2WcOfDnjNGumrAT0Nd4Kdax/pHr5Pdp
+jFsO4BkHyWk/5/zDCijyoGYLBR6I8hqn+WDuLG/sTtVuTWkUeOlfxb2eZdLyZ3oP
+5T5FXtWTpKvr2y7RGshmS6EJnjiVvvErdbNItFXghqvBBaFOJaS2PRBEO9RfKpti
+i+eS/cmlrm+Tjv44EPfQyLtAmCQ8uqfL50uIKEp6/dsC/OVJ6JlJOYl4j90DX7vB
+TJaOyUm4s+BLF2BK+Ow8+s+B6jQ5noa/o16NABEBAAG0IFNlcmdleSBCdWRuZXZp
+dGNoIDxzYkBuZ2lueC5jb20+iQE+BBMBAgAoBQJOROQ6AhsDBQkJZgGABgsJCAcD
+AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCmT9Wxets5qEQgB/43Mxmiy7DjXEbxIYkC
+9xPC4kf1X+bHkJ9BtAgaYDQewjtQ7vS98TKJBibm3l4egmBjFWjCpL8845n966+u
+XDqrDWJtOPUXvSEQNXGlijDGSxxpdK2dxDOKIOC8nIlZq/Xz/Uqjb2ZrszmYK2LD
+IHI1mN9HdI6aTt41QbtG0nkaPPgv3MEvxSMVCzVddroyPXvf/ErT4OSYU+dqJhH+
+SBIezuF0suzH/siCksbSBZHIst5rggpjsZvijP5YFH/hpEsR+tKXo9EFk49xn9Ou
+WdmpOEs7CKDbTApkh9XN/Pk5nJQ/HIDuW8pkgzf2wxNWlMSYw6xnozDkeIqpJcDD
+4niqiEYEEBECAAYFAk5OYocACgkQ7PDpCywXIIMKtQCfaAl2rvbEImu6MnDR32KG
+HTDH2TEAoNeWrSlavyFzbSQka53E9Gs6gF63tCBTZXJnZXkgQnVkbmV2aXRjaCA8
+c2JAd2FlbWUubmV0PokBQQQTAQIAKwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYC
+AwECHgECF4AFAk5OR38CGQEACgkQpk/VsXrbOagPmAf/QmIEDkkiovc1MgQ81lh4
+eeHfvtptb+U4GVCu07DQUR9kEtN6Jqi65gKb95fEztI14PpX+euiWrc/RlnsxWc0
+jYF0UmyacWLN6oHPoxlCK5+7zyoz5UTNrYGkTfWfcNtTU509CEZRClBNjMZOTZjP
+QhdR+Ce6tngRcQvMGNaLjJkKuY7vPh6FjT5oqxpnEIRTsWq6bUaeCXm7j9x0as1Z
+w1E5D5it3Ug3VlAe58jFJmRgatOsWznKuNoLRjQ2Chp2ce+dLgXriuJMrvEsn5S4
+dImUGL5DVYWDVZNG+r85XnOhMfKG308pZby1uzFvD+j3P6yMj1tpaCAAi5lUkHh6
+bIhGBBARAgAGBQJOTmJ/AAoJEOzw6QssFyCDH50AoMyJPvPDTYXK5KHOlPYPZQ5M
+OuCAAJ9zQ/3hKedm3xCLGl4Y6hjxJNlUTbkBDQROROL5AQgAuGIfx9aVOOXVdj8b
+XvjBQt+UkBURYGACHFQ69w71Aupsg9pZ7FgwgVKxnoNlmRag8sInjQbs3M/lS0sB
+dg75zZ7Ph7aPev8RAqdtX5+xxvujv1cmkFBExFuC5Wp/Yfzk/lPWZR4vXZrTpRiF
+PLMlRu0CEJFqoqPPygGFar02Q7rO+da35pxAuYrOWGM7MNr8H/vk13+GiqniBQCa
+uSoWwZQzaEdG5VGgm/vAwPzO+Cbam3r+Hs7OieykAy8fv+B+qhHn8Vc/520iGvdO
+IAKpxl6oZrkbNL/wozOOLZni7iWl30C43ujxPiGRlg/YotHmhlnMic85QKyakXCS
+WXI/JQARAQABiQElBBgBAgAPBQJOROL5AhsMBQkJZgGAAAoJEKZP1bF62zmoGCwH
+/2a6zlu4Jwmv21vuroaAzECV8gp1luBeagn23EgMMukYhkbwLtL/0twAHmZlkpzl
+atfq/EH2PgOasl2biJixqp7o9V7Uw6PS5JoY+1IrLEurG+FU2TN/Ysp12al4Z0Hh
+p4yBRSEikISO9gkeUThixDPX1PjCpx8G/ZYqk+8jRCcDgWsUc/WV3VGPht68oDd7
+56/hfQYc/V3eJmm5WYLVGV7Q69tGtp6D09SpoeqCD2K77auEBRVJ4jaT4B2/EfSb
+x6y7Dy4Oxm8TBOQ2EZw2vEixKxtEt86/oBtLUkqVockPq/Ek9AL+KzT6VR1xU+Cm
+CoHAyoqJeb/xLBwuKWg0/4U=
+=iFlP
+-----END PGP PUBLIC KEY BLOCK-----

sources

@@ -0,0 +1,2 @@
+SHA512 (nginx-1.26.3.tar.gz) = cd780e495796bf7413e54a6730d11d55127b0ca6563acf5c75eb2698f62cddbbf5ba61820c57b2316c0bb789fcfd17f98a27a84b525ed50f304d1b1043ffa05d
+SHA512 (nginx-logo.png) = d4e739d62ff80df9124ca74c318520f28b50d9b3eed2928575fedaa9357f21f596167ba827a498b984495d6067c789d313a4261475c9e2802a2c55e2f50d55f7

thresh.key

@@ -0,0 +1,147 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBFrwMiUBDADo56OlDknN+ReCMP+8CN1biK5izmGd755TxktHLI9nAP8ociIq
+Hjrps22pBtAIQ6eZpwCFBys2mR/441rOgZW+O6uqBYrttbxTMvE43EmKYGuFCmuR
+u0JGMPuqnzF3Y+6uoKzqMzazSrZIBWsBKAkNYTw8+yPlxGgffhBp1ueME7Lskglh
+EV9gmrEM0QlWod7wSQvyruExPm5INx3MG63Xfvc0bPiWUOGKyMb7kXA5VgnWuzmS
+BCMm17+A32vMyxhYcvSEgUayQjGghI1uPDSqBQBMEFTgSK2wWzvAXf/M45nxKBgQ
+IEDmvoC8RM9JTtUr7RE/E1mjsuefF2vYYYsWBstRFGAlUV1/lPNNibu3NqbCug6b
+1IWJuV1DX9T9/f81GZJrsPgYYKC6Ai8C1B0NGWjos7/GzgEFENQgf5duOhFPadQz
+QbRxBoId4Fe/Uwe2HxI8ESCQMwsq8bowcCn6XRA2EYkAt17Kab6LH6tTP54XG9TL
+bV7bAhyrvZAk1lUAEQEAAbQjS29uc3RhbnRpbiBQYXZsb3YgPGsucGF2bG92QGY1
+LmNvbT6JAdcEEwEIAEECGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQQT
+yCpjtgNXYVbjCk6g6pgbZrDZZwUCYoTfvAUJEPqvFwAKCRCg6pgbZrDZZxFYDADK
+R02XgC+AoyrqMwBNXC8Y6aiilEsyppsgj+KwZcGKDYN488gEmff+/KIEdtglw3I3
+tCMbo+FzFjHveeVCb0qrIMerWJg+o4YrxxqlQ9Q1InpduKLrIuGae0J1ybITS8+v
+iYAmwzy1Wb2CDDuCnhCR/QDfOE1CvRILVqIKezC0tRrBTEvRO84m6YMBtJ1DP75Z
+2cTNyjPos9+uxi4JcMKrMUBwZKya+z5i+Uxd66wuPj9KmggNG1x+bqMWmpTrSKUn
+gbLabFUth+uWumpj3/7HBT8Ov7rPgzY/vn3Fn5mKdLQm+kRwSX9/FbtHAE3Qsm+f
+6WW8CZ4XzL9ONfhQYwO2Jrq4HzgYloZkL+1Zs61X+zeEyr4o/mzt5DHbQRsD1UzQ
+gnh7t3YdSAy6gBqevjPWkQlq9e8eoFRydN/htwjS7dleikOsYktSnTIKlRXAWGCm
+jkRpQyZYuuPcWcGRt/0MVewRJmLemH6O+NviqhgGRePO9QR0R+yfdCwewPJEDk6J
+AjMEEAEKAB0WIQTWeGzjA9mpAimY3GzIRk1UmvdcCgUCYoeH1wAKCRDIRk1Umvdc
+Cqa9EAC8Li+w/sRwiu39vNUBogWiAKj3mlfS9lEdmPWx/MSzWtik+IlI931flFWI
+GL3OWC0ZXVV9G3WXQmVUqMtW2Eachy1DOSwAh4nRn03udfeMG79DUJBvMpAKTSua
+cVr2tRCFXQcx+6hmkZaANGjalzVu8tEcWfOiT19LS1QM+PH36adQCtRD+wwLgvVq
+qVowo6yO6jdhCATakRWO9uqeQXvdhJ7n5A3/Hg4QKtbb5vbz6QTPOs1+prICBdfF
+rVEdLx9BeZGVVoWeJNzbv9ZciC+8YYo/HOTbkccJSJ+G/FeHvshYL9Saxrsl1nUX
+yNCHBdrUyxPfZMgPWD2k431uplUVCwV5MOaQR4KU8AO3lcKVs02viw4smo0mWa6O
+pnMIHQ/cWgNxB5/66ch3r7YqosBi8KWHMVBejD+tOv/Y1Ey7v0mF7nBdIclbQz8t
+6PlKN8cOggqWjczPo1BtwPxiAkI8Y4VyhOk4ncZnluY1CtM2rQipLfcVFC/z3UGh
+ZuZ9WIi31ns8Va+msHyIaQx51PB0hSmL+AkDjUuB5APO9zFE2tGV9elbmant6f5c
+k4F65i19kDcfPe397FjqgyCdIduEDDtoaSS+a6oUgffHgXMXhtP2hI9zQ6c8Bnnd
+f10HDxakJEcNEz7m8i7VZ0xb+UsOej2rSgdyTIW+an9t8NF9eIkBMwQQAQgAHRYh
+BHM4lzBp7T9EP00336ZP1bF62zmoBQJii0M3AAoJEKZP1bF62zmoEZYIAIK8SaCJ
+KT/0NtCyzmFdjX6v+H+EYjEUJCx1QPsHt35Qglco24L/X9hnPJF9P6MY3S3PDLyd
+9JsmD+mujgsShqYFME/GzSScYy5Mzm5FM0xXs9UJ51YL+frKknenN5eIr7WVjXnh
+g0fKn2ZqXlZ/MozHKjKQhhzl9SN6b8eDbi1SFHS/FC7C4Tymnrkhi2KAvpEtUyvg
+mRSCU5Hrqh6wvi1bCpZ4+vXzQG20CT2cxa1YmgJIDhBqKiWGLyEY2hMCoRKsx5CI
+UVllc83Hrpk182DDOoVVhxFpStYD/4CNCP46oSeOtjv6EPLIIug25rsjBHPHPfMf
+p64DcAoKkk6cuFWJAjMEEAEKAB0WIQRB25JxPTv0v/PukQacXn+i9Ul31AUCYoeM
+ZQAKCRCcXn+i9Ul31EVUD/kB3lxEMDKFg/lFpSBxm1nxplmOCp5Nq9F8Rs9KDsbR
+Rc4zKL+2PLkgfxh/Nk5+9zjclUjFMBzYS0vEEml7f1R6ceG1a9r7HrdkO581Mvwe
+x90qVkMMKsShqIcuLzOK0LpvTobBlQpZCBImsNaEVHnmMR3hCz5OmUsGjxNgym87
++ovRJKCZRbbJ36w+COf/jVEkczm+7OrG5BeTTPwWjoIkqs6dajYikfZI79J7FZ2C
+pWpWeIgJA5emc3sAZWi0KTxlPZ9K4ff3iuV+Xf2PyuRC3iZlOuO66RJ/sl441ebN
+ckn1Ngu3s48PyMjgD3VG8WDh4RCqBtLpMQJc60wboq9gPMhyyd5eyTYMI90HAEg9
+pYGsw6Wk8NpUmBzbSzqSOOdN/SvAXkJmQVGKEzgvDLEsmTeddsjE6U+KUS+8Y69k
+Dc3sRIR3p5cKoPgZuK2mgbiXvF+TyVGODsyUUCygCGBNN8vsDDw4gpTuOhUm1nMP
+3jagHWz2NnMRo00x2nayjffjpMHCKSoNy+UTBKhVLffeZ8df6fCD9SAK+UavPVFW
+kMKhd+gofhrIbnca9ZL4K+CdyD1d0sxWNtoiDGi9HSnTwXhyGujv2QnNpBxCUZTD
+nvOEUSNFP/9N+tkAAGiAvk5L5ZuwHRppvnv6t6JEbM7ryRBwWHwgWHConwiFWImN
+XYkCMwQQAQoAHRYhBC6ZFqS4exJw9J8ez+sX9nTHmkCiBQJii1dOAAoJEOsX9nTH
+mkCiKu4P/0+je/GsBE69YVAwEFBrrfhEJtVUY8GSYM8WeFoq20SX8SqwltGLFB5R
+kbZGgPLe0lJrgXzL01GqjU1tnXPbtI7LEq1FKiTkcKVdne140oX1XJuxmFWBcldG
+1IetinhJt5EkaYc6nyk9iWgCz9n5YDq9Lr/9jLhFQAgawuicwAfuB13MGbJZYm/Z
+5eSdxnivXbrGAYR2TI6/kcf0JLGR03fKbrEM8uBnfZNkKZELyYrBCj4FYODT++Sx
+pDyrNr2/FlierISJrs272JT7ICg7Knjh6X7BSzsgK7JxyG2UtJKK7qJXYEqMtYhH
+U1tdh4Ru6zSd4DklgrFHwuUNlTm8f1gPQ4I46p2RCQy2HMnA9WhJ8kwE2JOAj83y
+87f9hDwjmn8Pf/iksXGRFQcfDqkOIUf2EnyBvxrzS57Dfvk6WCaH+OLKn1jMyxL8
+BekCyk7L7wrMJI4yH51jyJySScGBg1CM0fYqLFWU/I+jw9bHROdCOK2LBajkAYgx
+/eLG9WtS4etlNmpsxhSOi48wxa6kIOnD2rJGvQMALxhWJlVBEOMumv96qNCQCzHd
+6NRLBWBva4qlKM5RlZreeVyArFtTiUmnp6RST4FrMpVgmhoeyos6P6GIG6QVPS2b
+4dSRbeKmJFb15kZN8eYP4/BW7DMBzkFwtkRFDV5f/4W6CU6UIGzViQEcBBABCAAG
+BQJii68XAAoJEFIKmZOhwFL4HY0IAKejouSXBCQWJmpdsA9TV2WVdMspUZHDGRAH
+epQetm0+eX5Jh62ktuAZG+KCZ0bMdd8FJd6+RRpftUGhDibu9IFfyIK1v8jrChTU
+/EwK8cPgLn4KveTgC58UrKt4NMpqcETUCrXHVwZzYK/sGZxxKVHhmnQJtfsvg7FV
+7Ia9ohiUy1/rz9UlwLPUGmrDnSemSR9w1B3XeNN8SmTHQ5gpZt/rvsII0wMhvS7p
+TXDpK5YNAqItC+7ZDaU1T21xeZx9OGSt/T2ETXb0rjIJAhKiSShqbiRonZHrxOcg
+p0vSM1IAsgfnRihHu9YZ3Vj5ntegHh4fWdcTSZUx0n/YggArsyG0JEtvbnN0YW50
+aW4gUGF2bG92IDx0aHJlc2hAbmdpbnguY29tPokB1AQTAQgAPgIbAwULCQgHAwUV
+CgkICwUWAwIBAAIeAQIXgBYhBBPIKmO2A1dhVuMKTqDqmBtmsNlnBQJihN+8BQkQ
++q8XAAoJEKDqmBtmsNlncQ0L/0Yk1QejO06gWwV1J2eK9LmjbMofy2ujZBgW1IGt
+/goo5R4PzC8lBBcsBtsKyN0Rsh7QdLrtKKLQrE/gpwMTMdKhJTdP/c5tUY3EwgId
+BMYVaxArZQiWlPgSnoKuKydnn6Rb+Qtrhvb9pjn5XlGd/VSbAXZe8YTj6B8qjUa2
+YY+IreyB6wkPN/ytV5vcocbS7mzXaibGPVT35e0Pl1Be+xbJkbTmJTSJCSPwyHm9
+t2Vuq4e/c3fMwhOUbBjfssspR103vo91XO5sY+v2aQJOctNrv4ZpHMrwBH7MeqDI
+SCWg9PICUv0ewHzAEGB+K0v342rVAzVNEctwM3Jic7fEJYsItdw+Zk4r8NYqACoR
+CdSUEHqhP0DbYoWdthpUwD1J5ryWyKTCpTL4wNhKEMcNaiHH3qorSssyMHMFRPoX
+Kw9Pcay+Uo8NXc2KKxhEHTbQts0jYUNcq0yuWHoNQ4vhKkf9CHBrb/vS22vfEJyd
+6FX6ZRYK56A3EFAV8hK0BvZAw4kCMwQQAQoAHRYhBNZ4bOMD2akCKZjcbMhGTVSa
+91wKBQJih4fSAAoJEMhGTVSa91wKipoQAI3wkWd8HLQ0w4IFA6W3/igrZTut9sV+
+K5Veb61zCbJn6I2aO3ldSClMWpJfvG1OPKyaA6o4QfWt7KV9of8tu68k1rTrKKYe
+qXe/0KNp9nzEwVmLASG2U6onwaCehGocvhWc9tE6MF2Gi+l+OufqsMzmx7gkdwE+
+4d/VpY/i+eZzqNi1WWNUR45mrItvw84enGW2u4JOaFdSOE2PAbSTUOlcLxfC9yCo
+lxAkCsy+CsXM8WKlIDH8GpWh/mWyqjoAhZhrlGhdABjygqFAOrDhIaecc8eSOcD3
+6MQvhj/y1kh0Fe0rMCSdxUWtSjv+Sw5g1IG6GxhsqFxunxfGDpdbaLnyTQWahDfi
+5OsOFl6JbPFiTaF9Xqz+8r0hiwusT4AJvM5M+q18f5dNCeqVKmuAn3BVBw4RdG62
+WXt4q6uE5rDI513dR8t84dTgOr9+tHKh5TJqw46aI+kMe36z7FPXBgDsGSkNtM4J
+BYdZzxSoJCfsGCjlfapkLHrvI+S7AP2952WfYy36uuxBiuTp3vCghvKkXZUeN2kh
+P++0Zo4OjZGOllhab1X5xZGO8AjWeei4pq66Ys94Veidw5VRi/eWyvB3OhfCq9fb
+qZIKUfbgTu0y7vOEWWY9wQml12gpxQfkcI72NTiNMCH268WZoXYQJp0+NZtxjsHQ
+PdhNxQOaJPqziQEzBBABCAAdFiEEcziXMGntP0Q/TTffpk/VsXrbOagFAmKLQzAA
+CgkQpk/VsXrbOairRggArvsikhDrA1d/x1BXnzOxE2sznq/d84QCKMSQpavrzXHF
+LQF/qIB+ePA4bmzwvTxQup7yTLK3mQDl0rejXEQMnXHvgfH73c6l6TdAwsoLmrpt
+oGNzfzJsbiKD2hJT9jJVnipuqqOA7hPT73TA5KM4GzPupFTadB57lDxzzcRfALXi
+t5Qa6A83tLelQXLOWP6IdyPjraa/kva5jYsMavZU0xWTx9nPeGCwqAnqdEN4Hp8K
+WKYn9EzkBOL6pPB7GyG/G20ocTCv/ZCJMkamAxjprUovu9BUEg5fCcHrSBtsgGE0
+doPfqyOb4tCofZ8aXZYIu3+BEcNO0e5la+eW0YYYPIkCMwQQAQoAHRYhBEHbknE9
+O/S/8+6RBpxef6L1SXfUBQJih4xhAAoJEJxef6L1SXfUb8AQAML5vwKOTw6Bn0tA
+1ypo6DmlJUWalGgEkFheUC02s+BT+bL/fMsiXd6dBHHl/93bVBQBL/AjVBVv7viQ
+kfQLLk7iQmEQ/mljvImGkA/W+vyHKDue6n79Ccjfx/ECQB4Y8mmFhOqhDjEC6oR6
+ny77QbqmzvjkhfncD26cJq+qRGnE7EwuQI49bR1deQGxr5apqx5XRbf+GPnXlPTc
+nKxctRsw6PLOjFoyGhBnvC/rEzBUx+wE7jK+bY1TSdW8x91LA/SseWqsmEFzbZRt
+KKaHE9wD2DB9UvdBAjXdBZvKQ35zSJRWQByODztI9ZcaOWopK3UtIhG/eNIaJGcD
+9h3SaeVE8PcUkvZqhLtQf49KlUBc8/g6Nj1wqcBbHDXjbwzt9Qoh6uFyjMkbG3NP
+BXn7cT8888fJ9Oi53XjjZEVKA88AdcqWpUZtyElNwGtj8IvJ0R9SMKR/7KIYPFWm
+R04Uok+oj0wQABHkcLmYMUd8psw6aQWG7oybfgPokRChExigLWrCJbYd00banL18
+W6RxOQzceiKeZ5sZ5Y+yjQIrKxXKSLl42s8zol05TPScnBn+SAWigG4eEEJhT2by
+2WqbhCG9snN9/YMlY8MffOFnD05ps40CSdSCsRgcmaqxgjy75h/z5LYO4HnHwPdY
+p2ysNzlruScewHvijYJhEKxo17lBiQIzBBABCgAdFiEELpkWpLh7EnD0nx7P6xf2
+dMeaQKIFAmKLV00ACgkQ6xf2dMeaQKLLQg//etbDTflbm+HbxI/YyNQhyQfk7icE
+ytLL+wT9zDW9iq3AMdaPZwT690CsJhr7yzqjk0AGoMyuPfntvcvYb1mPTObXHMzh
+Rh7+tViPixkJd3hnjSrPBEOkpAghk6xWMx1wldZ9x5XyJ0yC+toBkSaB/KIQeRG2
+8/jHtxIQKvPGL28gUjdzW+jopSA4x6gSZAgQLyfsjoUHcMrRJXrwWcmSe8faD8qX
+XD4z4hN3wQg6olSuaxLM7OoNgbiEjKaL1LaX/xzvC0lGs9o2JBfNFDrng9Y/fZ4o
+9aGqx7AZey+4wTKjXqbdEqfDiHfzHxkLBunPxSjJAploOcuvhNOQAY7tv19/mYY1
+UoILY9ninCrXthe9ZqhaXxhRhqYhzrE8svF+R01I/U+N4985AnDKRkJ944pZfeh1
+wYzEZOPXWvvTsiBLbgi9LuAzoFjA4WJsJBp4AP/U7DtsuhMTmxyBJa+zg8PHj1Ew
+jBYYuE++ulsilS+76sQawT5KbszpYmEDJiQUuEJkujPQ+hGzuuocoqHrM/IcoAoy
+i5I/JMAYRqCQfGMFjirmVj3c01jgsOYl7ZgchtCBJfG8V6rlYdTq2FTdaLYdleZC
+kS7N4jtm+6/KEsf6ukeGNEMbsxTSPHq4RL13eSitRd9Ms+ukSZFFgE0rEiztcdxQ
+h1PeaEVaxHaSSWiJARwEEAEIAAYFAmKLrxcACgkQUgqZk6HAUvihvAgAk1ETByL3
+FZtIlk8scREfwzyqyXuSYWdJ5ED61fKnpcfwGKsOkd+4MwHOSgvxPdnLhBEsMkNq
+sV82EqX7lTIGoFBLTeW8ZGAxmt/88j3z6mnm33lSTreeVwsQ+B9ZKVAv4E/liDVm
+6iq9aYJni4FUoFjFhtgsvJUNs3oX0gaEXdaCqzIDysU2m01vOPx0HTeI95+HdlJW
+Iwwh/cp+YuclHppI+b0OQKJwLQDVyudzX0JYTWvgE/NCS6/rP8fjaqtFMWwL0tZl
+3JJAoLSAuhPyc+V2LkRVoETQGF9nRil2zSyy77Stfm2fRGstnQGOrNTud06el68/
+hYfWcCqooHNiMrkBjQRa8DInAQwA2Rk7UdUgpCWl+BMz9B9eKj0XtsNEciXHHKnS
+FYaSNCWNwib/FsiMfcPFh7xwUTof7e7HBFkvv0QEMCEp7R1MVNBfMiGtG1ICFIt9
+nByznPsRk4VvbY/prK4DZy2AmlwhNcT2pQO3AascgsCWdf6G+wcwnHg9tWCp0Xs9
+BNXuppmcRrpP4M1PPRIVeG1jeVXvuSHO2HjqPSXP5DhGgSGN7uLOhiLTnPINd186
+vf6tqRdqYw3g0W1ImEjGXHeNQfnieIWdU3X4C8KTEPsV3lvtmSAQCoge0CyKfz4c
+ORi4j8Edp8JpDQlbAThe529+R3eKUw7I/3ESxJBdqzLE/ItWvAcbGEserLDFrg9J
+1ojiKhsw3TVcDk+HIDzVakMz6HTd4ExSijMqTehzgKSVHDL+l2jc0f4VSecI+xwC
+3/kNsNTBpiPoUYtXBbJllHgQAakREkSKQBas02eqRu8SlQ3yEn87zTtNW8L7xpe7
+ZVtxwUgp40PUrsb8uMDJG7ZP5rhLABEBAAGJAbwEGAEIACYCGwwWIQQTyCpjtgNX
+YVbjCk6g6pgbZrDZZwUCYoTfwQUJEPqvGgAKCRCg6pgbZrDZZ3oEDAC1J3BVwlkX
++eoo8VsXAYxMXm8kIaTqOn/tHMOYepK+cWUdHaeCH3N8LigwN4Ve2LtzLBqN3WRA
+xFNy0DIzdBfA7QdcAoDLnB2FNrWTmwvC9nXkCogFfSCq7c+1oFHdn7M/VZNU4o0n
+hVOnqM8NLGcgzX3K3hr+WLYUgNQ9G6x0N9VU43tqVwJhvNv4pyiRpRdLlmhOEf35
+a/sWE1dttSKdrBhyzTbptw4dXr4lUpvlswWs+dLpSPPhWAuifORv/amWh3bxIxYE
+qE4o5NI/PQLJvJJLsJvMIIjpKlAGBJg5h3WCiIAkl7H+BesOUIIg8ava5ZUyjlFd
+szBMaBosZvRgFAlfnYhSGqzhip6PvXfK1YokNv7kqw43c0f1SmtSXZR43SRv/4vp
+XG7IqtTuqgSwn1qDJgr4yfs8QQykO/jG+cz7X+5OKSAulWi9OoqLyDWlsm3WccPI
+cJfbm71P+I/ha7ESVQfOxC92fQ7HQAboj7NhecJ4RLqjzrWSHmPGClI=
+=t1B0
+-----END PGP PUBLIC KEY BLOCK-----