github_mirrors/openappsec
3
0
Fork 1
mirror of https://github.com/openappsec/openappsec.git synced 2025-06-28 16:41:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

sync code

Browse Source
This commit is contained in:
Ned Wright 2025-03-18 20:34:34 +00:00
parent 0246b73bbd
commit 51c2912434
1 changed files with 419 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

419
nodes/orchestration/scripts/cp-nano-makefile-generator-fresh.sh Normal file
View File

@ -0,0 +1,419 @@
#!/bin/bash
LC_ALL=C
initializeEnvironment()
{
if [ "$IS_FILE_PATH_PROVIDED" != YES ]; then
FILE_NAME_PATH=
IS_FILE_PATH_PROVIDED=NO
fi
TMP_NGINX_VERSION_FILE="/tmp/nginx_version_file.txt"
if [ "$IS_CONFIG_FILE_PROVIDED" != YES ]; then
TMP_NGINX_CONFIG_FILE="/tmp/nginx_config_file.txt"
IS_CONFIG_FILE_PROVIDED=NO
fi
SERVER_TYPE="nginx"
nginx_cmd=nginx
NGX_CC_OPT=
NGX_LD_OPT=
USE_PCRE=NO
TEST_BUILD_EPOLL=NO
USE_THREADS=NO
HTTP_V3=NO
HTTP_SSL=NO
HTTP_GZIP=YES
HTTP_GUNZIP=NO
HTTP_GZIP_STATIC=NO
HTTP_PROXY=YES
HTTP_GEOIP=NO
HTTP_GEO=YES
HTTP_REALIP=NO
HTTP_DAV=NO
HTTP_CACHE=YES
HTTP_UPSTREAM_ZONE=YES
NGX_COMPAT=NO
GCC_VERSION=
NGINX_VERSION=
RELEASE_VERSION=
for i in {0..34}; do
var_name="NGX_MODULE_SIGNATURE_${i}"
eval $var_name=0
done
}
extract_nginx_version_and_release()
{
${nginx_cmd} -v &> "$TMP_NGINX_VERSION_FILE"
NGINX_VERSION=`cat "$TMP_NGINX_VERSION_FILE" | grep -oP [0-9]+.[0-9]+.[0-9]+`
RELEASE_VERSION=`cat /etc/*-release | grep -i "PRETTY_NAME\|Gaia" | cut -d"\"" -f2`
}
tearDown()
{
rm -f ${TMP_NGINX_VERSION_FILE}
rm -f ${TMP_NGINX_CONFIG_FILE}
}
filter_cc_opt() {
CC_OPT=
for cc_extra_opt in ${@}; do
if [[ ${cc_extra_opt} =~ ^-ffile-prefix-map ]]; then
echo "removing ${cc_extra_opt}"
continue
fi
if [[ ${cc_extra_opt} =~ ^-fdebug-prefix-map ]]; then
echo "removing ${cc_extra_opt}"
continue
fi
if [ -z "$CC_OPT" ]; then
CC_OPT="${cc_extra_opt}"
else
CC_OPT="${CC_OPT} ${cc_extra_opt}"
fi
done
if [[ "$@" != "${CC_OPT}" ]]; then
echo "Notice: reduced CC_OPT is '${CC_OPT}'"
fi
NGX_CC_OPT="${CC_OPT}"
}
extract_gcc()
{
GCC_VERSION=`echo "$1" | grep -oP "gcc "[0-9]+ | tr ' ' '-'`
if [[ "$GCC_VERSION" == "gcc-4" ]]; then
GCC_VERSION=gcc-5
elif [[ "$GCC_VERSION" == "gcc-10" ]] || [[ "$GCC_VERSION" == "gcc-11" ]] || [[ "$GCC_VERSION" == "gcc-12" ]] || [[ "$GCC_VERSION" == "gcc-13" ]]; then
GCC_VERSION=gcc-8
fi
}
extract_cc_opt_ld_opt() {
local loc_options="$1"
NGX_CC_OPT=$(echo "$loc_options" | sed -n "s/.*--with-cc-opt='\([^']*\)'.*/\1/p")
filter_cc_opt "$NGX_CC_OPT"
NGX_CC_OPT="$NGX_CC_OPT"
NGX_LD_OPT=$(echo "$loc_options" | sed -n "s/.*--with-ld-opt='\([^']*\)'.*/\1/p")
if [ -n "$NGX_LD_OPT" ]; then
NGX_LD_OPT="$NGX_LD_OPT"
fi
}
read_config_flags() {
for option; do
opt="$opt `echo $option | sed -e \"s/\(--[^=]*=\)\(.* .*\)/\1'\2'/\"`"
case "$option" in
-*=*) value=`echo "$option" | sed -e 's/[-_a-zA-Z0-9]*=//'` ;;
*) value="" ;;
esac
case "$option" in
--with-http_realip_module) HTTP_REALIP=YES ;;
--with-http_dav_module) HTTP_DAV=YES ;;
--with-compat) NGX_COMPAT=YES ;;
--without-http-cache) HTTP_CACHE=NO ;;
--without-http_upstream_zone_module) HTTP_UPSTREAM_ZONE=NO ;;
--without-http_geo_module) HTTP_GEO=NO ;;
--with-http_geoip_module) HTTP_GEOIP=YES ;;
--with-http_geoip_module=dynamic) HTTP_GEOIP=YES ;;
--without-http_proxy_module) HTTP_PROXY=NO ;;
--with-http_gunzip_module) HTTP_GUNZIP=YES ;;
--with-http_gzip_static_module) HTTP_GZIP_STATIC=YES ;;
--without-http_gzip_module) HTTP_GZIP=NO ;;
--with-http_v3_module) HTTP_V3=YES ;;
--with-threads) USE_THREADS=YES ;;
--test-build-epoll) TEST_BUILD_EPOLL=YES ;;
--with-pcre) USE_PCRE=YES ;;
--with-http_ssl_module) HTTP_SSL=YES ;;
*)
# echo "$0: uninteresting option: \"$option\""
;;
esac
done
if [ "$NGX_COMPAT" = YES ]; then
HTTP_GZIP=YES
HTTP_DAV=NO
HTTP_REALIP=NO
HTTP_PROXY=YES
HTTP_GEOIP=NO
HTTP_GEO=YES
HTTP_UPSTREAM_ZONE=YES
HTTP_GUNZIP=NO
HTTP_GZIP_STATIC=NO
HTTP_SSL=NO
USE_THREADS=NO
fi
}
decode_configuration_flags() {
DECODED_CONFIGURATION_FLAGS=""
if [ -n "$GCC_VERSION" ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-cc=/usr/bin/${GCC_VERSION}"
fi
if [ "$HTTP_REALIP" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-http_realip_module"
fi
if [ "$HTTP_DAV" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-http_dav_module"
fi
if [ "$NGX_COMPAT" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-compat"
fi
if [ "$HTTP_CACHE" = NO ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --without-http-cache"
fi
if [ "$HTTP_UPSTREAM_ZONE" = NO ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --without-http_upstream_zone_module"
fi
if [ "$HTTP_GEO" = NO ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --without-http_geo_module"
fi
if [ "$HTTP_GEOIP" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-http_geoip_module --with-http_geoip_module=dynamic"
fi
if [ "$HTTP_PROXY" = NO ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --without-http_proxy_module"
fi
if [ "$HTTP_GUNZIP" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-http_gunzip_module"
fi
if [ "$HTTP_GZIP_STATIC" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-http_gzip_static_module"
fi
if [ "$HTTP_GZIP" = NO ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --without-http_gzip_module"
fi
if [ "$HTTP_V3" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-http_v3_module"
fi
if [ "$USE_THREADS" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-threads"
fi
if [ "$TEST_BUILD_EPOLL" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --test-build-epoll"
fi
if [ "$USE_PCRE" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-pcre"
fi
if [ "$HTTP_SSL" = YES ]; then
DECODED_CONFIGURATION_FLAGS="$DECODED_CONFIGURATION_FLAGS --with-http_ssl_module"
fi
echo "$DECODED_CONFIGURATION_FLAGS"
}
set_signatures() {
NGX_MODULE_SIGNATURE_9=1
NGX_MODULE_SIGNATURE_10=1
NGX_MODULE_SIGNATURE_12=1
NGX_MODULE_SIGNATURE_17=0
NGX_MODULE_SIGNATURE_25=1
NGX_MODULE_SIGNATURE_27=1
if [ "$USE_PCRE" = YES ]; then
NGX_MODULE_SIGNATURE_23=1
fi
if [ "$TEST_BUILD_EPOLL" = YES ]; then
NGX_MODULE_SIGNATURE_5=1
NGX_MODULE_SIGNATURE_6=1
fi
if [ "$USE_THREADS" = YES ]; then
NGX_MODULE_SIGNATURE_22=1
fi
if [ "$HTTP_V3" = YES ]; then
NGX_MODULE_SIGNATURE_18=1
NGX_MODULE_SIGNATURE_24=1
fi
if [ "$HTTP_GUNZIP" = YES ] || [ "$HTTP_GZIP" = YES ] || [ "$HTTP_GZIP_STATIC" = YES ]; then
NGX_MODULE_SIGNATURE_26=1
fi
if [ "$HTTP_REALIP" = YES ]; then
NGX_MODULE_SIGNATURE_28=1
NGX_MODULE_SIGNATURE_29=1
fi
if [ "$HTTP_DAV" = YES ]; then
NGX_MODULE_SIGNATURE_31=1
fi
if [ "$HTTP_CACHE" = YES ]; then
NGX_MODULE_SIGNATURE_32=1
fi
if [ "$HTTP_UPSTREAM_ZONE" = YES ]; then
NGX_MODULE_SIGNATURE_33=1
fi
if [ "$NGX_COMPAT" = YES ]; then
NGX_MODULE_SIGNATURE_3=1
NGX_MODULE_SIGNATURE_4=1
NGX_MODULE_SIGNATURE_18=1
NGX_MODULE_SIGNATURE_22=1
NGX_MODULE_SIGNATURE_24=1
NGX_MODULE_SIGNATURE_26=1
NGX_MODULE_SIGNATURE_28=1
NGX_MODULE_SIGNATURE_29=1
NGX_MODULE_SIGNATURE_30=1
NGX_MODULE_SIGNATURE_31=1
NGX_MODULE_SIGNATURE_33=1
NGX_MODULE_SIGNATURE_34=1
fi
}
combine_signatures_into_bash() {
for i in {0..34}; do
var_name="NGX_MODULE_SIGNATURE_${i}"
NGX_SCRIPT_VERIFICATION_DATA="${NGX_SCRIPT_VERIFICATION_DATA}${!var_name}"
done
}
print_flags() {
echo "Saving configuration to ${FILE_NAME_PATH}"
echo -e "NGX_SCRIPT_VERIFICATION_DATA=$NGX_SCRIPT_VERIFICATION_DATA" >> ${FILE_NAME_PATH}
echo -e "NGX_MODULE_SIGNATURE=$(strings $(which ${nginx_cmd}) | grep -F '8,4,8')" >> ${FILE_NAME_PATH}
echo -e "USE_PCRE=$USE_PCRE" >> ${FILE_NAME_PATH}
echo -e "TEST_BUILD_EPOLL=$TEST_BUILD_EPOLL" >> ${FILE_NAME_PATH}
echo -e "USE_THREADS=$USE_THREADS" >> ${FILE_NAME_PATH}
echo -e "HTTP_V3=$HTTP_V3" >> ${FILE_NAME_PATH}
echo -e "HTTP_SSL=$HTTP_SSL" >> ${FILE_NAME_PATH}
echo -e "HTTP_GZIP=$HTTP_GZIP" >> ${FILE_NAME_PATH}
echo -e "HTTP_GUNZIP=$HTTP_GUNZIP" >> ${FILE_NAME_PATH}
echo -e "HTTP_GZIP_STATIC=$HTTP_GZIP_STATIC" >> ${FILE_NAME_PATH}
echo -e "HTTP_PROXY=$HTTP_PROXY" >> ${FILE_NAME_PATH}
echo -e "HTTP_GEOIP=$HTTP_GEOIP" >> ${FILE_NAME_PATH}
echo -e "HTTP_GEO=$HTTP_GEO" >> ${FILE_NAME_PATH}
echo -e "HTTP_REALIP=$HTTP_REALIP" >> ${FILE_NAME_PATH}
echo -e "HTTP_DAV=$HTTP_DAV" >> ${FILE_NAME_PATH}
echo -e "HTTP_CACHE=$HTTP_CACHE" >> ${FILE_NAME_PATH}
echo -e "HTTP_UPSTREAM_ZONE=$HTTP_UPSTREAM_ZONE" >> ${FILE_NAME_PATH}
echo -e "NGX_COMPAT=$NGX_COMPAT" >> ${FILE_NAME_PATH}
echo -e "NGX_CC_OPT=$NGX_CC_OPT" >> ${FILE_NAME_PATH}
echo -e "NGX_LD_OPT=$NGX_LD_OPT" >> ${FILE_NAME_PATH}
echo -e "GCC_VERSION=$GCC_VERSION" >> ${FILE_NAME_PATH}
echo -e "NGINX_VERSION=$NGINX_VERSION" >> ${FILE_NAME_PATH}
echo -e "RELEASE_VERSION=$RELEASE_VERSION" >> ${FILE_NAME_PATH}
}
save_config() {
initializeEnvironment
extract_nginx_version_and_release
if [ "$IS_FILE_PATH_PROVIDED" = NO ]; then
FILE_NAME_PATH="$(pwd)/$NGINX_VERSION.mk"
fi
rm -f ${FILE_NAME_PATH}
if [ "$IS_CONFIG_FILE_PROVIDED" = NO ]; then
${nginx_cmd} -V &> "$TMP_NGINX_CONFIG_FILE"
fi
gcc_argument=$(cat $TMP_NGINX_CONFIG_FILE | grep "built by gcc")
extract_gcc "${gcc_argument}"
configure_arguments=$(cat $TMP_NGINX_CONFIG_FILE | grep "^configure arguments:" | sed 's/^configure arguments: //')
extract_cc_opt_ld_opt "$configure_arguments"
configure_arguments=$(echo "$configure_arguments" | sed "s/--with-cc-opt='[^']*'//" | sed "s/--with-ld-opt='[^']*'//" | tr -s ' ')
read_config_flags $configure_arguments
set_signatures
combine_signatures_into_bash
print_flags
}
read_chkp_mk_file() {
input_file="$1"
if [[ ! -f "$input_file" ]]; then
echo "Error: File '$input_file' not found."
exit 1
fi
while IFS= read -r line; do
[[ -z "$line" || "$line" =~ ^# ]] && continue
if [[ "$line" =~ ^([A-Z_]+)=(.*)$ ]]; then
var_name="${BASH_REMATCH[1]}"
var_value="${BASH_REMATCH[2]}"
export "$var_name"="$var_value"
fi
done < "$input_file"
}
print_ngx_config() {
read_chkp_mk_file "$1"
decode_configuration_flags
}
parse_save_arguments() {
while [[ $# -gt 0 ]]; do
case "$1" in
--config_file)
if [[ -n "$2" ]]; then
TMP_NGINX_CONFIG_FILE="$2"
IS_CONFIG_FILE_PROVIDED=YES
shift 2
else
echo "Error: --config_file requires a value."
exit 1
fi
;;
--save-location)
if [[ -n "$2" ]]; then
FILE_NAME_PATH="$2"
IS_FILE_PATH_PROVIDED=YES
shift 2
else
echo "Error: --save-location requires a value."
exit 1
fi
;;
*)
echo "Error: Invalid argument '$1'."
echo "Usage: $0 save [--config_file <file_path>] [--save-location <file_path>]"
exit 1
;;
esac
done
}
if [[ "$1" == "save" ]]; then
shift
parse_save_arguments "$@"
save_config
elif [[ "$1" == "load" ]]; then
if [[ -n "$2" ]]; then
print_ngx_config "$2"
else
echo "Error: Missing file path for 'load' command."
echo "Usage: $0 load <file_path>"
exit 1
fi
else
echo "Error: Invalid command."
echo "Usage: $0 <save|load> [file_path]"
exit 1
fi