
Building nginx on CentOS 6.8: documentation and pitfalls

I dislike Red Hat packages. They are unsafe: any package can be studied in advance. The package layout is predefined, as will be shown below, which makes it easy to write malicious code that targets the package. Of course, anyone determined to do harm will do it, but the task should be made as hard as possible.
Packages also do not give proper control, unlike building from source, so I prefer the latter. Still, packages have some good points, which I will mention below. It might seem that building a server from source earns a "well done" and nothing more, so why the article?

The documentation still misses essential details, and the articles with recommendations are, at best, firstly scattered and as a rule not thorough, and secondly refer to distant sources, whereas in reality everything is at hand. I offer a solution. This article is a systematization and will probably be corrected more than once. Along the way I will show some bash helper functions that I find convenient for builds in general. Interested?

I'll start with the documentation. The corresponding edits will, of course, be proposed to the nginx community. Here is the script it gives, if you take it at its word:

    #!/bin/bash
    wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz
    tar -zxf pcre-8.39.tar.gz
    cd pcre-8.39
    ./configure
    make
    sudo make install

    wget http://zlib.net/zlib-1.2.8.tar.gz
    tar -zxf zlib-1.2.8.tar.gz
    cd zlib-1.2.8
    ./configure
    make
    sudo make install

    wget http://www.openssl.org/source/openssl-1.0.2f.tar.gz
    tar -zxf openssl-1.0.2f.tar.gz
    cd openssl-1.0.2f

The OpenSSL configure script is actually called config, and here:
    ./configure darwin64-x86_64-cc --prefix=/usr
    make
    sudo make install

    wget http://nginx.org/download/nginx-1.10.2.tar.gz
    tar zxf nginx-1.10.2.tar.gz
    cd nginx-1.10.2
    ./configure \
        --sbin-path=/usr/local/nginx/nginx \
        --conf-path=/usr/local/nginx/nginx.conf \
        --pid-path=/usr/local/nginx/nginx.pid \
        --with-pcre=../pcre-8.39 \
        --with-zlib=../zlib-1.2.8 \
        --with-http_ssl_module \
        --with-stream \
        --with-mail=dynamic \
        --add-module=/usr/build/nginx-rtmp-module \
        --add-dynamic-module=/usr/build/3party_module
    make
    sudo make install
    sudo nginx


Despite my dislike of packages, the script also offers a build from the SRPM with mock (I liked that I can see what is happening, the automatic yum -y update, and the overall thoughtfulness), and it also offers installing the package from the official repository.

Note that Habr's code highlighter apparently has a flaw here: the code is highlighted in red, although shellcheck accepts it without complaint. This is easy to check.
For people with the same problem, I quote the support team's answer:
We use highlight.js. The problem is that it doesn't know how to parse the string:
    srcfold="$( arroot "$(arroot "$arname" )" )"
because it uses quotes-in-quotes-in-quotes.

    #!/bin/bash
    set -x

    # Print the last component (the file name) of a path or URL
    getfilenamebypath () {
        echo "$1" | gawk -F/ '{print $NF}'
    }

    # Print everything before the file name (the directory part, with its trailing slash):
    getpathbyfilename () {
        local fullpath; fullpath="$1"
        local name; name=$(getfilenamebypath "$1")
        path_size=$(( ${#fullpath} - ${#name} ))
        local path; path=${fullpath:0:$path_size}
        echo "$path"
    }

    # Download a file into the current directory unless it is already there:
    swget () {
        local filename; filename=$(getfilenamebypath "$1")
        if ! test -f "$filename"; then {
            wget -P "$PWD" "$1"
        } fi
    }

    # Print the name of the first entry in the archive listing (the archive root):
    arroot () {
        7z l "$1" | grep '^[0-9][0-9][0-9][0-9]' | head -n1 | gawk '{print $NF}'
    }

    # Fetch the signature and the public key, then verify the downloaded archive.
    # $1 is the archive URL, $2 is the public key URL
    gpg_check () {
        local filename; filename=$(getfilenamebypath "$1")
        local pubkeyname; pubkeyname=$(getfilenamebypath "$2")
        # Fetch the files named "<archive>.*" (the signature) from the archive's directory:
        wget --recursive --accept "$filename"".*" -nd -- "$(getpathbyfilename "$1")" |& tee /var/tmp/wget.temp
        sigfilename=$(grep -- '--' /var/tmp/wget.temp | grep "$filename" | \
            gawk '{print $NF}' | gawk -F/ '{print $NF}' )
        swget "$2" # get public key
        gpg --import "$pubkeyname"; gpg --verify "$sigfilename" "$filename" \
            |& tee /var/tmp/gpg.temp
        # Stop unless the gpg output contains "Good signature":
        isgood="$(grep "Good signature" /var/tmp/gpg.temp)"
        if test -z "$isgood"; then {
            echo "Bad signature! Exiting..."
            exit 1
        } fi
    }

    # Download a source archive, unpack it and cd into the source directory.
    # $1 is the archive URL, $2 (optional) is the public key URL
    gotosrc () {
        cd "$HOME" || exit 1
        swget "$1"
        arname=$(getfilenamebypath "$1")
        # Verify the signature only when a public key URL is given:
        if test -n "$2"; then {
            gpg_check "$1" "$2"
        } else {
            echo "Downloading without signature verify..."
        } fi
        7z x "$arname"
        # If the first unpack produced another archive file (e.g. a .tar), unpack that too:
        if test -f "$(arroot "$arname")"; then {
            7z x "$(arroot "$arname")"
            srcfold="$( arroot "$(arroot "$arname" )" )"
        } else {
            srcfold="$(arroot "$arname")"
        } fi
        cd "$srcfold" || exit 1; ls -la
    }

    # Make configure executable if it is not:
    setconfex () {
        if ! test -x configure; then {
            sudo chmod +x configure
        } fi
    }

    # Number of jobs for make: lscpu -p prints four header lines before the per-CPU lines.
    getnumcores () {
        echo $(( $(lscpu -p=core | wc -l) - 4 ))
    }

    # Print the download link for the newest release of the even-numbered (stable) nginx branch:
    getlatestlink_nginx () {
        # Tidy is needed so that grep can work comfortably
        curl "http://nginx.org/en/download.html" | \
            tidy -imc | grep "/download/nginx" | gawk -F'"' '{print $2}' > \
            /var/tmp/temp.file.gawk
        branchnum=$( head -n1 /var/tmp/temp.file.gawk | gawk -F'.' '{print $2}' )
        if [ "$(( branchnum % 2 ))" = "1" ]; then {
            latestlink="https://nginx.org"$( grep "$(( branchnum - 1 ))" \
                /var/tmp/temp.file.gawk | head -n1 )
            echo "$latestlink"
        } fi
    }

    # Download an rpm and unpack it into a directory named after it, to reuse the files it ships
    gotorpm () {
        cd "$HOME" || exit 1
        swget "$1"
        rpmname=$(getfilenamebypath "$1")
        7z x "$rpmname"
        rpmname_size=${#rpmname}
        # Strip the "rpm" suffix; the trailing dot stays in the name
        rpmfold=${rpmname:0:($rpmname_size-3)}
        mkdir "$rpmfold"; mv "$rpmfold""cpio" "$rpmfold"
        cd "$rpmfold" || exit 1
        7z x "$rpmfold""cpio"
        ls -la
    }

    # Point the packaged sysconfig file and init script at the binary built from source:
    modify_nginx_init () {
        first_init_string="NGINX\=\/usr\/sbin\/nginx"
        second_init_string="NGINX\=\/usr\/local\/nginx\/sbin\/nginx"
        sudo sed -i -e "s/$first_init_string/$second_init_string/g" etc/sysconfig/nginx
        third_init_string="nginx\=\${NGINX\-\/usr\/sbin\/nginx}"
        forth_init_string="nginx\=\${NGINX\-\/usr\/local\/nginx\/sbin\/nginx}"
        sudo sed -i -e "s/$third_init_string/$forth_init_string/g" etc/rc.d/init.d/nginx
    }

    # List all user names:
    userlist () {
        sudo gawk -F: '{print $1}' /etc/passwd | sort -g
    }

    # Succeed if the user exists (whole-line match, so "nginx" does not match "nginx2"):
    userex () {
        if [ "$( userlist | grep -x -- "$1" )" = "$1" ]; then {
            return 0
        } else {
            return 1
        } fi
    }

    # Register the service, stop it if it is running, start it, enable it at boot and show its status:
    service_correct_start () {
        srvname="$1"
        sudo chkconfig --add "$srvname"; sudo chkconfig "$srvname" off
        if test -z "$(sudo service "$srvname" status | grep "stopped")"; then {
            sudo service "$srvname" stop
        } fi
        sudo service "$srvname" start; sudo chkconfig "$srvname" on
        sudo service "$srvname" status
    }

    sudo yum -y install yum-utils epel-release mock p7zip wget \
        tidy util-linux openssl-devel

    nginx_install_prefix="/usr/local/nginx"

    install_nginx_source () {
        # install pcre; the signature is checked against the Public-Key file from the same FTP directory
        gotosrc "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.gz" \
            "ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Public-Key"
        setconfex; ./configure --prefix=$nginx_install_prefix
        make -j"$(getnumcores)"; sudo make -j"$(getnumcores)" install

        # install zlib; it is downloaded without signature verification
        gotosrc "https://github.com/luvit/zlib/archive/master.zip"
        setconfex; ./configure --prefix=$nginx_install_prefix
        make -j"$(getnumcores)"; sudo make -j"$(getnumcores)" install

        # install nginx
        gotosrc "$(getlatestlink_nginx)"; setconfex
        ./configure \
            --conf-path=/etc/nginx/nginx.conf \
            --error-log-path=/var/log/nginx/error.log \
            --http-log-path=/var/log/nginx/access.log \
            --pid-path=/var/run/nginx.pid \
            --lock-path=/var/run/nginx.lock \
            --http-client-body-temp-path=/var/cache/nginx/client_temp \
            --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
            --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
            --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
            --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
            --user=nginx \
            --group=nginx \
            --with-http_ssl_module \
            --with-http_realip_module \
            --with-http_addition_module \
            --with-http_dav_module \
            --with-http_flv_module \
            --with-http_mp4_module \
            --with-http_gunzip_module \
            --with-http_gzip_static_module \
            --with-http_random_index_module \
            --with-http_secure_link_module \
            --with-http_stub_status_module \
            --with-http_auth_request_module \
            --with-threads \
            --with-stream \
            --with-stream_ssl_module \
            --with-http_slice_module \
            --with-mail \
            --with-mail_ssl_module \
            --with-file-aio \
            --with-http_v2_module \
            --with-ipv6 \
            --with-pcre=../pcre-8.39 \
            --with-zlib=../zlib-master
        make -j"$(getnumcores)"; sudo make -j"$(getnumcores)" install

        # Take the sysconfig, logrotate and init files from the official rpm
        gotorpm "https://nginx.org/packages/centos/6/x86_64/RPMS/nginx-1.10.2-1.el6.ngx.x86_64.rpm"
        modify_nginx_init
        sudo cp etc/sysconfig/nginx /etc/sysconfig/nginx
        sudo cp etc/logrotate.d/nginx /etc/logrotate.d/nginx
        sudo cp etc/rc.d/init.d/nginx /etc/rc.d/init.d/nginx
        if ! test -d /var/cache/nginx/client_temp; then {
            sudo mkdir -p /var/cache/nginx/client_temp
        } fi
        if ! userex "nginx"; then {
            sudo useradd --home-dir /var/cache/nginx "nginx"
        } fi
        sudo chmod +x /etc/rc.d/init.d/nginx
        sudo chown -R "nginx" "$nginx_install_prefix""/html"
    }

    # Generate a local gpg key pair for signing unless one already exists:
    gen_local_gpg_keys () {
        gpg --list-keys |& tee /var/tmp/grep.temp
        if test -z "$(grep "$USER"@"$HOSTNAME" /var/tmp/grep.temp)"; then {
            echo "Local keys does not exist. Generating local keys..."
            # read the real name from git config if it exists, otherwise from stdin:
            if test -n "$( which git | grep "bin/git" )"; then {
                if test -n "$( git config --global --list | grep "name" )"; then {
                    realname="$( git config --global --list | grep "name" | gawk -F'=' '{print $NF}' )"
                } fi
            } else {
                read -r -p "Your real name for signing: " realname
            } fi
            read -r -p "Your pass phrase for signing: " passphrase
            cat > gpg.gen <<EOF
    Key-Type: RSA
    Key-Length: 2048
    Subkey-Type: RSA
    Subkey-Length: 2048
    Name-Real: $realname
    Name-Email: $USER@$HOSTNAME
    Expire-Date: 0
    Passphrase: $passphrase
    %pubring gpg.gen.pub
    %secring gpg.gen.sec
    %commit
    %echo done!
    EOF
            echo "We need random input for signature generating... Please, typing here or move mouse... "
            gpg2 --batch --gen-key gpg.gen; gpg2 --import gpg.gen.sec;
        } fi
    }

    # Sign the rpm built by mock with the local key and import that key into the rpm database:
    signing_rpm () {
        if ! test -f "$HOME""/.rpmmacros"; then {
            # Write the signing macros once
            {
                echo -e '%_signature gpg'; echo -e '%_gpg_path '"$HOME""/.gnupg"
                echo -e '%_gpg_name '"$realname"' <'"$USER"'@'"$HOSTNAME"'>'
                echo -e '%_gpgbin '"$(which gpg)"
            } >> "$HOME""/.rpmmacros"
        } fi
        gpg2 --export --armor "$USER"'@'"$HOSTNAME" > RPM-GPG-KEY-localhost
        sudo rpm --import RPM-GPG-KEY-localhost
        rpm --addsign "$1"
        sudo mv RPM-GPG-KEY-localhost /etc/pki/rpm-gpg/RPM-GPG-KEY-localhost
    }

    install_nginx_srpm () {
        swget "http://nginx.org/packages/centos/6/SRPMS/nginx-1.10.2-1.el6.ngx.src.rpm"
        sudo usermod -a -G mock "$USER"; mock -r default --init; mock -r default rebuild "nginx-1.10.2-1.el6.ngx.src.rpm"
        # Sign the resulting package with the local key before installing it
        gen_local_gpg_keys; signing_rpm \
            "/var/lib/mock/epel-6-x86_64/result/nginx-1.10.2-1.el6.ngx.x86_64.rpm"
        sudo yum -y localinstall /var/lib/mock/epel-6-x86_64/result/nginx-1.10.2-1.el6.ngx.x86_64.rpm
    }

    install_nginx_rpm () {
        # add the yum repo as in the docs, with gpg check enabled
        sudo touch /etc/yum.repos.d/nginx.repo
        sudo chown "$USER" /etc/yum.repos.d/nginx.repo
        cat > /etc/yum.repos.d/nginx.repo <<EOF
    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/centos/6/\$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Nginx
    EOF
        swget "http://nginx.org/keys/nginx_signing.key"
        sudo mv nginx_signing.key /etc/pki/rpm-gpg/RPM-GPG-KEY-Nginx
        sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Nginx
        # Disable the local repo if it exists
        localrepostate=$(sudo yum-config-manager _local | grep "enabled" | gawk '{print $NF}')
        if [ "$localrepostate" = "True" ]; then {
            echo "Disable local repo..."
            sudo yum-config-manager --disable _local
            sudo yum -y install nginx
            echo "Enable local repo..."
            sudo yum-config-manager --enable _local
        } fi
        sudo yum -y install nginx
    }

    # I know about select, but this is simpler:
    echo "Type one digit installation method: "
    echo "1) Source code"
    echo "2) Source RPM with mock"
    echo "3) RPM from official repo"
    read -r; case "$REPLY" in
        "1") install_nginx_source;;
        "2") install_nginx_srpm;;
        "3") install_nginx_rpm;;
    esac
    service_correct_start "nginx"; curl localhost


Once again: this is the full code after a lint check; thanks for the comment.
Thank you all for your attention. Constructive criticism, suggestions and comments (especially in the form of concrete proposals) are welcome.
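
The gpg_check function in the script above imports whichever key it downloads from the same directory as the archive and then greps gpg's human-readable output for "Good signature", so a valid signature from any imported key passes. As an added example (not the article's code), the check below decides on gpg's machine-readable --status-fd lines and a fingerprint pinned in advance; the function names, fingerprints and sample status lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the article's code. Fingerprints and status lines below
# are constructed placeholders, not real keys.

# sig_status_ok STATUS_TEXT PINNED_FPR
# Succeeds only if gpg's --status-fd output shows exactly one GOODSIG, no
# bad/expired/revoked marker, and a VALIDSIG whose last field (the primary
# key fingerprint) equals the pinned fingerprint.
sig_status_ok () {
    local pinned
    pinned=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    printf '%s\n' "$1" | awk -v pin="$pinned" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good++ }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad++ }
        $2 == "VALIDSIG" { valid++; if (toupper($NF) == pin) pinned_ok++ }
        END { exit !(good == 1 && valid == 1 && pinned_ok == 1 && bad == 0) }'
}

# verify_pinned FILE SIGFILE KEYFILE PINNED_FPR
# Imports KEYFILE into a throwaway keyring (not ~/.gnupg) and verifies there.
verify_pinned () {
    local home status
    home=$(mktemp -d) || return 1
    gpg --homedir "$home" --batch --quiet --import "$3" 2>/dev/null
    status=$(gpg --homedir "$home" --batch --status-fd 1 \
        --verify "$2" "$1" 2>/dev/null)
    rm -rf "$home"
    sig_status_ok "$status" "$4"
}

# Constructed sample: one good signature, checked against two different pins.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"
OTHER_FPR="FEDCBA9876543210FEDCBA9876543210FEDCBA98"
SAMPLE_STATUS="[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $PINNED_FPR 2016-06-14 1465900000 0 4 0 1 8 00 $PINNED_FPR
[GNUPG:] TRUST_UNDEFINED"

for pin in "$PINNED_FPR" "$OTHER_FPR"; do
    if sig_status_ok "$SAMPLE_STATUS" "$pin"; then
        echo "pin $pin: accepted"
    else
        echo "pin $pin: rejected"
    fi
done
```

In gotosrc, verify_pinned would take the place of gpg_check, with the pinned fingerprint obtained once through a separate channel and stored in the script.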

Source: https://habr.com/ru/post/315098/

