diff --git a/Dockerfile-debian-otel.template b/Dockerfile-debian-otel.template
index b1a8a8e2ec7ae6718a283cde51caa7166dfd1bf0..50f090320097ed57e301976c3dd4126367c04a06 100644
--- a/Dockerfile-debian-otel.template
+++ b/Dockerfile-debian-otel.template
@@ -15,24 +15,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y %%BUILDTARGET%% \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile %%BUILDTARGET%% \
+ && REVISION="%%REVISION%%" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in %%BUILDTARGET%%; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make %%BUILDTARGET%% \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/Dockerfile-debian-perl.template b/Dockerfile-debian-perl.template
index 03e801f56373ebca4392832b5dd4dba6f1a4d05b..d26452c36bcfe42f79e0d0b0df1594b2b8b77a42 100644
--- a/Dockerfile-debian-perl.template
+++ b/Dockerfile-debian-perl.template
@@ -13,24 +13,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y %%BUILDTARGET%% \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile %%BUILDTARGET%% \
+ && REVISION="%%REVISION%%" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in %%BUILDTARGET%%; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make %%BUILDTARGET%% \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
index efef6e5427bfe48bfef1185c7eaf10b46a7a51a7..9dabd67c0aa57543f92af8497dd02449a1f112df 100644
--- a/Dockerfile-debian.template
+++ b/Dockerfile-debian.template
@@ -43,24 +43,46 @@ RUN set -x \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] %%PACKAGEREPO%% %%DEBIAN_VERSION%% nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y %%BUILDTARGET%% \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile %%BUILDTARGET%% \
+ && REVISION="%%REVISION%%" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="%%PKGOSSCHECKSUM%% *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in %%BUILDTARGET%%; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make %%BUILDTARGET%% \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/mainline/debian-otel/Dockerfile b/mainline/debian-otel/Dockerfile
index 58a5cd998ae72371802605cddacc159af92a394f..1bb07c136ae42a24f7049e17371f7838d484f522 100644
--- a/mainline/debian-otel/Dockerfile
+++ b/mainline/debian-otel/Dockerfile
@@ -26,24 +26,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y nginx-module-otel \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile nginx-module-otel \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in module-otel; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make module-otel \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/mainline/debian-perl/Dockerfile b/mainline/debian-perl/Dockerfile
index e3a51fb70f33f01b015af2695cd00e71afa7f4d9..3c6682a8187f7e3534ff24420f27a584dfc5b8cc 100644
--- a/mainline/debian-perl/Dockerfile
+++ b/mainline/debian-perl/Dockerfile
@@ -24,24 +24,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in module-perl; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make module-perl \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/mainline/debian/Dockerfile b/mainline/debian/Dockerfile
index 40a9838dc1bf38778e8940328408e3c1f9762790..5cbec01a91cd6e029ac90a0e8015f9f3e234a4b5 100644
--- a/mainline/debian/Dockerfile
+++ b/mainline/debian/Dockerfile
@@ -53,24 +53,46 @@ RUN set -x \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/mainline/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y $nginxPackages \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile $nginxPackages \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="b9fbdf1779186fc02aa59dd87597fe4e906892391614289a4e6eedba398a3e770347b5b07110cca8c11fa3ba85bb711626ae69832e74c69ca8340d040a465907 *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in base module-geoip module-image-filter module-njs module-xslt; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make base module-geoip module-image-filter module-njs module-xslt \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/stable/debian-otel/Dockerfile b/stable/debian-otel/Dockerfile
index 1bc689614c5e5f177ead3a630023642b582955e9..f0c48907c9d5c8dac8e933aace2358a2ce2c8bab 100644
--- a/stable/debian-otel/Dockerfile
+++ b/stable/debian-otel/Dockerfile
@@ -26,24 +26,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y nginx-module-otel \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile nginx-module-otel \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in module-otel; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make module-otel \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/stable/debian-perl/Dockerfile b/stable/debian-perl/Dockerfile
index 17b0f1036126ffb9ce613c1e0e3f5ebabbd3cf2a..394c9822556891c4ce3da0b9efe90d0d586c9add 100644
--- a/stable/debian-perl/Dockerfile
+++ b/stable/debian-perl/Dockerfile
@@ -24,24 +24,46 @@ RUN set -x; \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile nginx-module-perl=${NGINX_VERSION}-${DYNPKG_RELEASE} \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in module-perl; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make module-perl \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/stable/debian/Dockerfile b/stable/debian/Dockerfile
index e623e41414d4680ee0728cc17cf9b4535a9e9bf7..c5a2395390ff94de85fd5d45867ec14fe8879dcf 100644
--- a/stable/debian/Dockerfile
+++ b/stable/debian/Dockerfile
@@ -53,24 +53,46 @@ RUN set -x \
;; \
*) \
# we're on an architecture upstream doesn't officially build for
-# let's build binaries from the published source packages
- echo "deb-src [signed-by=$NGINX_GPGKEY_PATH] https://nginx.org/packages/debian/ bookworm nginx" >> /etc/apt/sources.list.d/nginx.list \
- \
+# let's build binaries from the published packaging sources
# new directory for storing sources and .deb files
- && tempDir="$(mktemp -d)" \
+ tempDir="$(mktemp -d)" \
&& chmod 777 "$tempDir" \
# (777 to ensure APT's "_apt" user can access it too)
\
# save list of currently-installed packages so build dependencies can be cleanly removed later
&& savedAptMark="$(apt-mark showmanual)" \
\
-# build .deb files from upstream's source packages (which are verified by apt-get)
+# build .deb files from upstream's packaging sources
&& apt-get update \
- && apt-get build-dep -y $nginxPackages \
+ && apt-get install --no-install-recommends --no-install-suggests -y \
+ curl \
+ devscripts \
+ equivs \
+ git \
+ libxml2-utils \
+ lsb-release \
+ xsltproc \
&& ( \
cd "$tempDir" \
- && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" \
- apt-get source --compile $nginxPackages \
+ && REVISION="${NGINX_VERSION}-${PKG_RELEASE}" \
+ && REVISION=${REVISION%~*} \
+ && curl -f -O https://hg.nginx.org/pkg-oss/archive/${REVISION}.tar.gz \
+ && PKGOSSCHECKSUM="825f610c44dfb97166112e6d060c0ba209a74f50e42c7c23a5b8742f468596f110bb1b4ca9299547a8a3d41f3a7caa864622f40f6c7bb4d8bab3d24880bdfb6a *${REVISION}.tar.gz" \
+ && if [ "$(openssl sha512 -r ${REVISION}.tar.gz)" = "$PKGOSSCHECKSUM" ]; then \
+ echo "pkg-oss tarball checksum verification succeeded!"; \
+ else \
+ echo "pkg-oss tarball checksum verification failed!"; \
+ exit 1; \
+ fi \
+ && tar xzvf ${REVISION}.tar.gz \
+ && cd pkg-oss-${REVISION} \
+ && cd debian \
+ && for target in base module-geoip module-image-filter module-njs module-xslt; do \
+ make rules-$target; \
+ mk-build-deps --install --tool="apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes" \
+ debuild-$target/nginx-$NGINX_VERSION/debian/control; \
+ done \
+ && make base module-geoip module-image-filter module-njs module-xslt \
) \
# we don't remove APT lists here because they get re-downloaded and removed later
\
diff --git a/update.sh b/update.sh
index 9a7d6b9b2f41c46cd096ffe8f6bc562c09dc8960..84218c2dd50962310ea35e78ccaf981807ce0591 100755
--- a/update.sh
+++ b/update.sh
@@ -179,23 +179,17 @@ get_buildtarget() {
alpine-slim)
echo base
;;
- alpine-perl)
- echo module-perl
- ;;
- alpine-otel)
- echo module-otel
- ;;
alpine)
echo module-geoip module-image-filter module-njs module-xslt
;;
debian)
- echo "\$nginxPackages"
+ echo base module-geoip module-image-filter module-njs module-xslt
;;
- debian-perl)
- echo "nginx-module-perl=\${NGINX_VERSION}-\${DYNPKG_RELEASE}"
+ *-perl)
+ echo module-perl
;;
- debian-otel)
- echo "nginx-module-otel"
+ *-otel)
+ echo module-otel
;;
esac
}