diff --git a/main/valkey/APKBUILD b/main/valkey/APKBUILD index 8328f46a761..eff67cc26a0 100644 --- a/main/valkey/APKBUILD +++ b/main/valkey/APKBUILD @@ -4,7 +4,7 @@ # Maintainer: Jakub Jirutka pkgname=valkey pkgver=9.0.0 -pkgrel=0 +pkgrel=1 pkgdesc="Open source high-performance key/value datastore (fork of Redis)" url="https://valkey.io/" arch="all" @@ -29,12 +29,14 @@ install=" $pkgname-compat.pre-install " subpackages=" + $pkgname-tls $pkgname-benchmark $pkgname-cli $pkgname-compat::noarch $pkgname-openrc " source="https://github.com/valkey-io/valkey/archive/$pkgver/valkey-$pkgver.tar.gz + valkey-loadmod.patch valkey.conf.patch sentinel.conf.patch $pkgname.initd @@ -71,9 +73,11 @@ _make_flags=" V=echo USE_JEMALLOC=no MALLOC=libc - BUILD_TLS=yes + BUILD_TLS=module PREFIX=/usr " +_modules_dir="usr/lib/$pkgname/modules" +_modules_cfgdir="etc/$pkgname/modules" build() { make all $_make_flags @@ -91,6 +95,8 @@ check() { package() { make install $_make_flags INSTALL_BIN="$pkgdir/usr/bin" + install -D -m755 src/valkey-tls.so "$pkgdir/$_modules_dir/tls.so" + cd "$pkgdir" # NOTE: /etc/valkey and /etc/valkey/sentinel.conf must be writable for valkey, @@ -98,12 +104,15 @@ package() { install -d -m 750 -o valkey -g valkey \ etc/valkey \ etc/valkey/valkey.d \ + "$_modules_cfgdir" \ var/lib/valkey \ var/lib/valkey/sentinel install -D -m 640 -o root -g valkey "$builddir"/valkey.conf etc/valkey/valkey.conf install -D -m 640 -o valkey -g valkey "$builddir"/sentinel.conf etc/valkey/sentinel.conf + echo "loadmodule /$_modules_dir/tls.so" > "$_modules_cfgdir"/tls.conf + install -D -m 755 "$srcdir"/valkey.initd etc/init.d/valkey install -D -m 755 "$srcdir"/valkey-sentinel.initd etc/init.d/valkey-sentinel install -D -m 644 "$srcdir"/valkey.confd etc/conf.d/valkey @@ -126,6 +135,14 @@ cli() { amove usr/bin/valkey-cli } +tls() { + pkgdesc="TLS module for Valkey" + depends="$pkgname=$pkgver-r$pkgrel" + + amove "$_modules_dir"/tls.so + amove "$_modules_cfgdir"/tls.conf +} + compat() { pkgdesc="Valkey command symlinks and system group for compatibility with redis" depends="!redis !redict-compat" @@ -136,7 +153,8 @@ compat() { sha512sums=" 387e8ebf26a307940bf0f26eb4ba51f016445a618435f4c61ec4c8b8d4b7e2cbfc7a7e93b6c35b7c6832e3161981b4b2ce0d09bdc1799dbb5271052cf70654e4 valkey-9.0.0.tar.gz -a05177e05e7d5d4fa660abe0744df21af4f308756234f7b88bfeca6aacdd5a1643bc79a78943fcb1eb1a66418e8c8be98897a7a8ec84a27ed80f5ccfda272396 valkey.conf.patch +1438969f9b06b367544a1b486a020d1d84737e9272981c69f0cf10b23e12bed08a1c02531477cdc02e9c60c84267559df40ba9957c032caba3d0ae360a8be8d9 valkey-loadmod.patch +c2826266996c8443246da02d4879bfbd74db0a12c1866a9fe2a1020501328b49a6c3485d8a2ceaac99d3a4dd8081126cc2bb1ceaca16e44ba1edd3609dcae6d4 valkey.conf.patch d0311d2bfade7efbfa2bdcc6c74e8e8a151c09c627e30f5cea1826155dcb4f7ca4c1d35aba26bccec933575fadcbe5785e16b4801058fec73c7de5537ffeb09a sentinel.conf.patch 605c1f39cf5f206e03d19af54412a66732ad3c65d5cb36e5d6cfb9d28779807d2da9c29d01f07e0ba2956446cb6935b66c92844a74b255b6070870b30d7d45d8 valkey.initd 639a007f7e98cf7614d2afb6e109042883030e0bdf4eaf1dc3df3ecab8043d6be30647e1e46295f783efc7baf42dc420b2e5dcf388913efdc5bdf2cd1e418f9f valkey.confd diff --git a/main/valkey/valkey-loadmod.patch b/main/valkey/valkey-loadmod.patch new file mode 100644 index 00000000000..cebccef220a --- /dev/null +++ b/main/valkey/valkey-loadmod.patch @@ -0,0 +1,163 @@ +Patch-Source: https://src.fedoraproject.org/rpms/valkey/blob/rawhide/f/valkey-loadmod.patch +-- +From b40ab88996d0bbe9bdd366af9426f7400b21e19c Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Sat, 4 Oct 2025 07:23:52 +0200 +Subject: [PATCH] Fix #2678 don't add loadmodule when from config + +only protect loadmodule from include files + +Signed-off-by: Remi Collet +--- + src/config.c | 8 ++++++-- + src/module.c | 17 ++++++++++++----- + src/module.h | 4 ++-- + 3 files changed, 20 insertions(+), 9 deletions(-) + +diff --git a/src/config.c b/src/config.c +index d0158b2c4d..ab453056df 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -448,6 +448,8 @@ static int updateClientOutputBufferLimit(sds *args, int arg_len, const char **er + * within conf file parsing. This is only needed to support the deprecated + * abnormal aggregate `save T C` functionality. Remove in the future. */ + static int reading_config_file; ++/* support detecting include vs main config file */ ++static int reading_include_file = 0; + + void loadServerConfigFromString(sds config) { + deprecatedConfig deprecated_configs[] = { +@@ -539,7 +541,9 @@ void loadServerConfigFromString(sds config) { + + /* Execute config directives */ + if (!strcasecmp(argv[0], "include") && argc == 2) { ++ reading_include_file = 1; + loadServerConfig(argv[1], 0, NULL); ++ reading_include_file = 0; + } else if (!strcasecmp(argv[0], "rename-command") && argc == 3) { + struct serverCommand *cmd = lookupCommandBySds(argv[1]); + +@@ -572,7 +576,7 @@ void loadServerConfigFromString(sds config) { + goto loaderr; + } + } else if (!strcasecmp(argv[0], "loadmodule") && argc >= 2) { +- moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2); ++ moduleEnqueueLoadModule(argv[1], &argv[2], argc - 2, reading_include_file); + } else if (strchr(argv[0], '.')) { + if (argc < 2) { + err = "Module config specified without value"; +@@ -1605,7 +1609,7 @@ void rewriteConfigLoadmoduleOption(struct rewriteConfigState *state) { + while ((de = dictNext(di)) != NULL) { + struct ValkeyModule *module = dictGetVal(de); + line = moduleLoadQueueEntryToLoadmoduleOptionStr(module, "loadmodule"); +- rewriteConfigRewriteLine(state, "loadmodule", line, 1); ++ if (line) rewriteConfigRewriteLine(state, "loadmodule", line, 1); + } + dictReleaseIterator(di); + /* Mark "loadmodule" as processed in case modules is empty. */ +diff --git a/src/module.c b/src/module.c +index e5afa952fa..f18bc3c6bf 100644 +--- a/src/module.c ++++ b/src/module.c +@@ -84,6 +84,7 @@ + + struct moduleLoadQueueEntry { + sds path; ++ int from_include; + int argc; + robj **argv; + }; +@@ -670,7 +671,7 @@ void freeClientModuleData(client *c) { + c->module_data = NULL; + } + +-void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { ++void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include) { + int i; + struct moduleLoadQueueEntry *loadmod; + +@@ -678,6 +679,7 @@ void moduleEnqueueLoadModule(sds path, sds *argv, int argc) { + loadmod->argv = argc ? zmalloc(sizeof(robj *) * argc) : NULL; + loadmod->path = sdsnew(path); + loadmod->argc = argc; ++ loadmod->from_include = from_include; + for (i = 0; i < argc; i++) { + loadmod->argv[i] = createRawStringObject(argv[i], sdslen(argv[i])); + } +@@ -688,6 +690,10 @@ sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, + const char *config_option_str) { + sds line; + ++ if (module->loadmod->from_include) { ++ /* no need to add as already from config */ ++ return NULL; ++ } + line = sdsnew(config_option_str); + line = sdscatlen(line, " ", 1); + line = sdscatsds(line, module->loadmod->path); +@@ -12350,7 +12356,7 @@ void moduleLoadFromQueue(void) { + listRewind(server.loadmodule_queue, &li); + while ((ln = listNext(&li))) { + struct moduleLoadQueueEntry *loadmod = ln->value; +- if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0) == C_ERR) { ++ if (moduleLoad(loadmod->path, (void **)loadmod->argv, loadmod->argc, 0, loadmod->from_include) == C_ERR) { + serverLog(LL_WARNING, "Can't load module from %s: server aborting", loadmod->path); + exit(1); + } +@@ -12531,7 +12537,7 @@ void moduleUnregisterCleanup(ValkeyModule *module) { + + /* Load a module and initialize it. On success C_OK is returned, otherwise + * C_ERR is returned. */ +-int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex) { ++int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loadex, int from_include) { + int (*onload)(void *, void **, int); + void *handle; + +@@ -12606,6 +12612,7 @@ int moduleLoad(const char *path, void **module_argv, int module_argc, int is_loa + ctx.module->loadmod->path = sdsnew(path); + ctx.module->loadmod->argv = module_argc ? zmalloc(sizeof(robj *) * module_argc) : NULL; + ctx.module->loadmod->argc = module_argc; ++ ctx.module->loadmod->from_include = from_include; + for (int i = 0; i < module_argc; i++) { + ctx.module->loadmod->argv[i] = module_argv[i]; + incrRefCount(ctx.module->loadmod->argv[i]); +@@ -13529,7 +13536,7 @@ void moduleCommand(client *c) { + argv = &c->argv[3]; + } + +- if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0) == C_OK) ++ if (moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 0, 0) == C_OK) + addReply(c, shared.ok); + else + addReplyError(c, "Error loading the extension. Please check the server logs."); +@@ -13544,7 +13551,7 @@ void moduleCommand(client *c) { + /* If this is a loadex command we want to populate server.module_configs_queue with + * sds NAME VALUE pairs. We also want to increment argv to just after ARGS, if supplied. */ + if (parseLoadexArguments((ValkeyModuleString ***)&argv, &argc) == VALKEYMODULE_OK && +- moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1) == C_OK) ++ moduleLoad(c->argv[2]->ptr, (void **)argv, argc, 1, 0) == C_OK) + addReply(c, shared.ok); + else { + dictEmpty(server.module_configs_queue, NULL); +diff --git a/src/module.h b/src/module.h +index f6c266b592..1f9e729e56 100644 +--- a/src/module.h ++++ b/src/module.h +@@ -169,7 +169,7 @@ static inline void moduleInitDigestContext(ValkeyModuleDigest *mdvar) { + memset(mdvar->x, 0, sizeof(mdvar->x)); + } + +-void moduleEnqueueLoadModule(sds path, sds *argv, int argc); ++void moduleEnqueueLoadModule(sds path, sds *argv, int argc, int from_include); + sds moduleLoadQueueEntryToLoadmoduleOptionStr(ValkeyModule *module, + const char *config_option_str); + ValkeyModuleCtx *moduleAllocateContext(void); +@@ -180,7 +180,7 @@ void moduleFreeContext(ValkeyModuleCtx *ctx); + void moduleInitModulesSystem(void); + void moduleInitModulesSystemLast(void); + void modulesCron(void); +-int moduleLoad(const char *path, void **argv, int argc, int is_loadex); ++int moduleLoad(const char *path, void **argv, int argc, int is_loadex, int from_include); + int moduleUnload(sds name, const char **errmsg); + void moduleLoadFromQueue(void); + int moduleGetCommandKeysViaAPI(struct serverCommand *cmd, robj **argv, int argc, getKeysResult *result); diff --git a/main/valkey/valkey.conf.patch b/main/valkey/valkey.conf.patch index 146a35d3f09..94f1b38c446 100644 --- a/main/valkey/valkey.conf.patch +++ b/main/valkey/valkey.conf.patch @@ -9,7 +9,17 @@ permission to create files in /run. --- a/valkey.conf +++ b/valkey.conf -@@ -153,9 +153,9 @@ tcp-backlog 511 +@@ -53,6 +53,9 @@ + # loadmodule /path/to/other_module.so + # loadmodule /path/to/args_module.so [arg [arg ...]] + ++# Include module configuration files. ++include /etc/valkey/modules/*.conf ++ + ################################## NETWORK ##################################### + + # By default, if no "bind" configuration directive is specified, the server listens +@@ -163,9 +166,9 @@ tcp-backlog 511 # incoming connections. There is no default, so the server will not listen # on a unix socket when not specified. # @@ -22,7 +32,16 @@ permission to create files in /run. # Close the connection after a client is idle for N seconds (0 to disable) timeout 0 -@@ -350,11 +350,6 @@ tcp-keepalive 300 +@@ -196,6 +199,8 @@ tcp-keepalive 300 + + ################################# TLS/SSL ##################################### + ++# Alpine: To use TLS, install package "valkey-tls". ++ + # By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration + # directive can be used to define TLS-listening ports. To enable TLS on the + # default port, use: +@@ -374,11 +379,6 @@ tcp-keepalive 300 ################################# GENERAL ##################################### @@ -34,7 +53,7 @@ permission to create files in /run. # If you run the server from upstart or systemd, the server can interact with your # supervision tree. Options: # supervised no - no supervision interaction -@@ -373,20 +368,6 @@ daemonize no +@@ -397,20 +397,6 @@ daemonize no # # supervised auto @@ -55,7 +74,7 @@ permission to create files in /run. # Specify the server verbosity level. # This can be one of: # debug (a lot of information, useful for development/testing) -@@ -416,14 +397,14 @@ loglevel notice +@@ -440,14 +426,14 @@ loglevel notice # Specify the log file name. Also the empty string can be used to force # the server to log on the standard output. Note that if you use standard # output for logging but daemonize, logs will be sent to /dev/null @@ -73,7 +92,7 @@ permission to create files in /run. # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. # syslog-facility local0 -@@ -606,7 +587,7 @@ rdb-del-sync-files no +@@ -631,7 +617,7 @@ rdb-del-sync-files no # Note that modifying 'dir' during runtime may have unexpected behavior, # for example when a child process is running, related file operations may # have unexpected effects. @@ -82,7 +101,7 @@ permission to create files in /run. ################################# REPLICATION ################################# -@@ -2535,3 +2516,6 @@ jemalloc-bg-thread yes +@@ -2633,3 +2619,6 @@ jemalloc-bg-thread yes # the empty string. # # availability-zone "zone-name" diff --git a/main/valkey/valkey.post-upgrade b/main/valkey/valkey.post-upgrade new file mode 100644 index 00000000000..daf2aaff499 --- /dev/null +++ b/main/valkey/valkey.post-upgrade @@ -0,0 +1,14 @@ +#!/bin/sh + +ver_old="$2" + +if [ "$(apk version -t "$ver_old" '9.0.0-r1')" = '<' ]; then + cat >&2 <<-EOF + * + * Valkey TLS support has been moved to a subpackage. If you run Valkey with + * 'tls-port' configured, install 'valkey-tls'. + * + EOF +fi + +exit 0