main/valkey: move TLS support to valkey-tls subpackage

Jakub Jirutka 2025-11-17 16:52:07 +01:00
parent e1d726885c
commit 4e468794e5
4 changed files with 223 additions and 9 deletions


@ -4,7 +4,7 @@
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=valkey
pkgver=9.0.0
pkgrel=0
pkgrel=1
pkgdesc="Open source high-performance key/value datastore (fork of Redis)"
url="https://valkey.io/"
arch="all"
@ -29,12 +29,14 @@ install="
$pkgname-compat.pre-install
"
subpackages="
$pkgname-tls
$pkgname-benchmark
$pkgname-cli
$pkgname-compat::noarch
$pkgname-openrc
"
source="https://github.com/valkey-io/valkey/archive/$pkgver/valkey-$pkgver.tar.gz
valkey-loadmod.patch
valkey.conf.patch
sentinel.conf.patch
$pkgname.initd
@ -71,9 +73,11 @@ _make_flags="
V=echo
USE_JEMALLOC=no
MALLOC=libc
BUILD_TLS=yes
BUILD_TLS=module
PREFIX=/usr
"
_modules_dir="usr/lib/$pkgname/modules"
_modules_cfgdir="etc/$pkgname/modules"
build() {
make all $_make_flags
@ -91,6 +95,8 @@ check() {
package() {
make install $_make_flags INSTALL_BIN="$pkgdir/usr/bin"
install -D -m755 src/valkey-tls.so "$pkgdir/$_modules_dir/tls.so"
cd "$pkgdir"
# NOTE: /etc/valkey and /etc/valkey/sentinel.conf must be writable for valkey,
@ -98,12 +104,15 @@ package() {
install -d -m 750 -o valkey -g valkey \
etc/valkey \
etc/valkey/valkey.d \
"$_modules_cfgdir" \
var/lib/valkey \
var/lib/valkey/sentinel
install -D -m 640 -o root -g valkey "$builddir"/valkey.conf etc/valkey/valkey.conf
install -D -m 640 -o valkey -g valkey "$builddir"/sentinel.conf etc/valkey/sentinel.conf
echo "loadmodule /$_modules_dir/tls.so" > "$_modules_cfgdir"/tls.conf
install -D -m 755 "$srcdir"/valkey.initd etc/init.d/valkey
install -D -m 755 "$srcdir"/valkey-sentinel.initd etc/init.d/valkey-sentinel
install -D -m 644 "$srcdir"/valkey.confd etc/conf.d/valkey
@ -126,6 +135,14 @@ cli() {
amove usr/bin/valkey-cli
}
tls() {
pkgdesc="TLS module for Valkey"
depends="$pkgname=$pkgver-r$pkgrel"
amove "$_modules_dir"/tls.so
amove "$_modules_cfgdir"/tls.conf
}
compat() {
pkgdesc="Valkey command symlinks and system group for compatibility with redis"
depends="!redis !redict-compat"
@ -136,7 +153,8 @@ compat() {
sha512sums="
387e8ebf26a307940bf0f26eb4ba51f016445a618435f4c61ec4c8b8d4b7e2cbfc7a7e93b6c35b7c6832e3161981b4b2ce0d09bdc1799dbb5271052cf70654e4 valkey-9.0.0.tar.gz
a05177e05e7d5d4fa660abe0744df21af4f308756234f7b88bfeca6aacdd5a1643bc79a78943fcb1eb1a66418e8c8be98897a7a8ec84a27ed80f5ccfda272396 valkey.conf.patch
1438969f9b06b367544a1b486a020d1d84737e9272981c69f0cf10b23e12bed08a1c02531477cdc02e9c60c84267559df40ba9957c032caba3d0ae360a8be8d9 valkey-loadmod.patch
c2826266996c8443246da02d4879bfbd74db0a12c1866a9fe2a1020501328b49a6c3485d8a2ceaac99d3a4dd8081126cc2bb1ceaca16e44ba1edd3609dcae6d4 valkey.conf.patch
d0311d2bfade7efbfa2bdcc6c74e8e8a151c09c627e30f5cea1826155dcb4f7ca4c1d35aba26bccec933575fadcbe5785e16b4801058fec73c7de5537ffeb09a sentinel.conf.patch
605c1f39cf5f206e03d19af54412a66732ad3c65d5cb36e5d6cfb9d28779807d2da9c29d01f07e0ba2956446cb6935b66c92844a74b255b6070870b30d7d45d8 valkey.initd
639a007f7e98cf7614d2afb6e109042883030e0bdf4eaf1dc3df3ecab8043d6be30647e1e46295f783efc7baf42dc420b2e5dcf388913efdc5bdf2cd1e418f9f valkey.confd
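Review bot: Adding `"$_modules_cfgdir"` to the `install -d -m 750 -o valkey -g valkey` list makes etc/valkey/modules writable by the service account, and the patched valkey.conf now includes every `*.conf` in that directory, so a file written there by the valkey user can add a `loadmodule` line that is honoured at the next start. The NOTE in package() says /etc/valkey itself has to stay writable for valkey, so the gain may be limited, but the modules directory does not look like it needs that; consider creating it on its own with `install -d -m 750 -o root -g valkey "$_modules_cfgdir"`. The `echo "loadmodule ..." > "$_modules_cfgdir"/tls.conf` line also leaves the mode and owner of tls.conf to the build umask, unlike the `install -m 640 -o root -g valkey` lines next to it. package() continues past the visible hunks.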


@ -0,0 +1,163 @@
Patch-Source: https://src.fedoraproject.org/rpms/valkey/blob/rawhide/f/valkey-loadmod.patch
--
From b40ab88996d0bbe9bdd366af9426f7400b21e19c Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Sat, 4 Oct 2025 07:23:52 +0200
Subject: [PATCH] Fix #2678 don't add loadmodule when from config
only protect loadmodule from include files
Signed-off-by: Remi Collet <remi@remirepo.net>
---
src/config.c | 8 ++++++--
src/module.c | 17 ++++++++++++-----
src/module.h | 4 ++--
3 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/src/config.c b/src/config.c
index d0158b2c4d..ab453056df 100644
--- a/src/config.c
+++ b/src/config.c
@@ -448,6 +448,8 @@ static int updateClientOutputBufferLimit(sds *args, int arg_len, const char **er
* within conf file parsing. This is only needed to support the deprecated
* abnormal aggregate `save T C` functionality. Remove in the future. */
static int reading_config_file;
+/* support detecting include vs main config file */
+static int reading_include_file = 0;
void loadServerConfigFromString(sds config) {
deprecatedConfig deprecated_configs[] = {
@@ -539,7 +541,9 @@ void loadServerConfigFromString(sds config) {
/* Execute config directives */
if (!strcasecmp(argv[0], "include") && argc == 2) {
+ reading_include_file = 1;
loadServerConfig(argv[1], 0, NULL);
+ reading_include_file = 0;
} else if (!strcasecmp(argv[0], "rename-command") && argc == 3) {
struct serverCommand *cmd = lookupCommandBySds(argv[1]);
@@ -572,7 +576,7 @@ void loadServerConfigFromString(sds config) {
goto loaderr;
}
} else if (!strcasecmp(argv[0], "loadmodule") && argc >= 2) {
- moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2);
+ moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2, reading_include_file);
} else if (strchr(argv[0], '.')) {
if (argc < 2) {
err = "Module config specified without value";
@@ -1605,7 +1609,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) {
while ((de = dictNext(di)) != NULL) {
struct ValkeyModule *module = dictGetVal(de);
line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule");
- rewriteConfigRewriteLine(state, "loadmodule", line, 1);
+ if (line) rewriteConfigRewriteLine(state, "loadmodule", line, 1);
}
dictReleaseIterator(di);
/* Mark "loadmodule" as processed in case modules is empty. */
diff --git a/src/module.c b/src/module.c
index e5afa952fa..f18bc3c6bf 100644
--- a/src/module.c
+++ b/src/module.c
@@ -84,6 +84,7 @@
struct moduleLoadQueueEntry {
sds path;
+ int from_include;
int argc;
robj **argv;
};
@@ -670,7 +671,7 @@ void freeClientModuleData(client *c) {
c->module_data = NULL;
}
-void moduleEnqueueLoadModule(sds path, sds *argv, int argc) {
+void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include) {
int i;
struct moduleLoadQueueEntry *loadmod;
@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) {
loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL;
loadmod->path = sdsnew(path);
loadmod->argc = argc;
+ loadmod->from_include = from_include;
for (i = 0; i < argc; i++) {
loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i]));
}
@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module,
const char *config_option_str) {
sds line;
+ if (module->loadmod->from_include) {
+ /* no need to add as already from config */
+ return NULL;
+ }
line = sdsnew(config_option_str);
line = sdscatlen(line, " ", 1);
line = sdscatsds(line, module->loadmod->path);
@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) {
listRewind(server.loadmodule_queue, &li);
while ((ln = listNext(&li))) {
struct moduleLoadQueueEntry *loadmod = ln->value;
- if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) {
+ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, loadmod->from_include) == C_ERR) {
serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path);
exit(1);
}
@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) {
/* Load a module and initialize it. On success C_OK is returned, otherwise
* C_ERR is returned. */
-int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) {
+int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int from_include) {
int (*onload)(void *, void **, int);
void *handle;
@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa
ctx.module->loadmod->path = sdsnew(path);
ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL;
ctx.module->loadmod->argc = module_argc;
+ ctx.module->loadmod->from_include = from_include;
for (int i = 0; i < module_argc; i++) {
ctx.module->loadmod->argv[i] = module_argv[i];
incrRefCount(ctx.module->loadmod->argv[i]);
@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) {
argv = &c->argv[3];
}
- if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0) == C_OK)
+ if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0, 0) == C_OK)
addReply(c, shared.ok);
else
addReplyError(c, "Error loading the extension. Please check the server logs.");
@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) {
/* If this is a loadex command we want to populate server.module_configs_queue with
* sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */
if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK &&
- moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1) == C_OK)
+ moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1, 0) == C_OK)
addReply(c, shared.ok);
else {
dictEmpty(server.module_configs_queue, NULL);
diff --git a/src/module.h b/src/module.h
index f6c266b592..1f9e729e56 100644
--- a/src/module.h
+++ b/src/module.h
@@ -169,7 +169,7 @@ static inline void moduleInitDigestContext(ValkeyModuleDigest *mdvar) {
memset(mdvar->x, 0, sizeof(mdvar->x));
}
-void moduleEnqueueLoadModule(sds path, sds *argv, int argc);
+void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include);
sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module,
const char *config_option_str);
ValkeyModuleCtx *moduleAllocateContext(void);
@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx);
void moduleInitModulesSystem(void);
void moduleInitModulesSystemLast(void);
void modulesCron(void);
-int moduleLoad(const char *path, void **argv, int argc, int is_loadex);
+int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int from_include);
int moduleUnload(sds name, const char **errmsg);
void moduleLoadFromQueue(void);
int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result);
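Review bot: `reading_include_file` is set to 1 before `loadServerConfig(argv[1], 0, NULL)` and unconditionally reset to 0 afterwards in loadServerConfigFromString, so if an included file itself contains an `include` (assuming loadServerConfig re-enters this function, which is not visible here), every `loadmodule` that follows the nested include is recorded with `from_include` 0. Those modules would then no longer be skipped by moduleLoadQueueEntryToLoadmoduleOptionStr, and rewriteConfigLoadmoduleOption would write them into the main config again, which is the duplication the patch sets out to prevent. Saving and restoring the previous value avoids this: `int prev = reading_include_file; reading_include_file = 1;` before the call and `reading_include_file = prev;` after it. moduleLoadQueueEntryToLoadmoduleOptionStr can now return NULL, and only the caller in rewriteConfigLoadmoduleOption is shown checking for it, so any other caller should be confirmed.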


@ -9,7 +9,17 @@ permission to create files in /run.
--- a/valkey.conf
+++ b/valkey.conf
@@ -153,9 +153,9 @@ tcp-backlog 511
@@ -53,6 +53,9 @@
# loadmodule /path/to/other_module.so
# loadmodule /path/to/args_module.so [arg [arg ...]]
+# Include module configuration files.
+include /etc/valkey/modules/*.conf
+
################################## NETWORK #####################################
# By default, if no "bind" configuration directive is specified, the server listens
@@ -163,9 +166,9 @@ tcp-backlog 511
# incoming connections. There is no default, so the server will not listen
# on a unix socket when not specified.
#
@ -22,7 +32,16 @@ permission to create files in /run.
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
@@ -350,11 +350,6 @@ tcp-keepalive 300
@@ -196,6 +199,8 @@ tcp-keepalive 300
################################# TLS/SSL #####################################
+# Alpine: To use TLS, install package "valkey-tls".
+
# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
# directive can be used to define TLS-listening ports. To enable TLS on the
# default port, use:
@@ -374,11 +379,6 @@ tcp-keepalive 300
################################# GENERAL #####################################
@ -34,7 +53,7 @@ permission to create files in /run.
# If you run the server from upstart or systemd, the server can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
@@ -373,20 +368,6 @@ daemonize no
@@ -397,20 +397,6 @@ daemonize no
#
# supervised auto
@ -55,7 +74,7 @@ permission to create files in /run.
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
@@ -416,14 +397,14 @@ loglevel notice
@@ -440,14 +426,14 @@ loglevel notice
# Specify the log file name. Also the empty string can be used to force
# the server to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
@ -73,7 +92,7 @@ permission to create files in /run.
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# syslog-facility local0
@@ -606,7 +587,7 @@ rdb-del-sync-files no
@@ -631,7 +617,7 @@ rdb-del-sync-files no
# Note that modifying 'dir' during runtime may have unexpected behavior,
# for example when a child process is running, related file operations may
# have unexpected effects.
@ -82,7 +101,7 @@ permission to create files in /run.
################################# REPLICATION #################################
@@ -2535,3 +2516,6 @@ jemalloc-bg-thread yes
@@ -2633,3 +2619,6 @@ jemalloc-bg-thread yes
# the empty string.
#
# availability-zone "zone-name"


@ -0,0 +1,14 @@
#!/bin/sh
ver_old="$2"
if [ "$(apk version -t "$ver_old" '9.0.0-r1')" = '<' ]; then
cat >&2 <<-EOF
*
* Valkey TLS support has been moved to a subpackage. If you run Valkey with
* 'tls-port' configured, install 'valkey-tls'.
*
EOF
fi
exit 0
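Review bot: None of the APKBUILD hunks shown on this page touch `install=`, and this new script's file name is not visible, so confirm it is listed there; an unlisted script is not packaged and the notice would never be printed. The message is also the only safeguard for hosts that have `tls-port` set: it is worth verifying that the server refuses to start without the TLS module rather than coming up without the TLS listener. The text could tell the admin to act before the restart, e.g. `* 'tls-port' configured, install 'valkey-tls' before restarting the service.`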