On 22.07.2020 - 10:47:14, Matthias Pitzl wrote: > Hello, > > The following patch adds the ModSecurity connector module to nginx. > This module uses my previously sent libmodsecurity. > > By moving the module sources into the nginx source directory in the pre-patch > stage, the configure run accepts the libmodsecurity with 0.0 as version > without > any real patching of the connector module itself. > > I'm not sure, if the pseudo flavor for this is really needed. > > Greetings, > Matthias
Hi, Any OK or other feedback on this one? Greetings, Matthias > -------------------------------------------------------------------------------- > diff --git a/www/nginx/Makefile b/www/nginx/Makefile > index 7fce24d..6546604 100644 > --- a/www/nginx/Makefile > +++ b/www/nginx/Makefile > @@ -15,12 +15,14 @@ COMMENT-headers_more= nginx module for > setting/adding/clearing headers > COMMENT-perl= nginx perl scripting module > COMMENT-passenger= nginx passenger (ruby/python/nodejs) integration module > COMMENT-rtmp= nginx module for RTMP streaming > +COMMENT-modsecurity3= nginx module for ModSecurity > > VERSION= 1.18.0 > DISTNAME= nginx-${VERSION} > CATEGORIES= www > > VERSION-rtmp= 1.2.1 > +VERSION-modsecurity3= 1.0.1 > > PKGNAME-main= ${DISTNAME} > PKGNAME-image_filter= nginx-image_filter-${VERSION} > @@ -35,6 +37,7 @@ PKGNAME-headers_more= nginx-headers-more-${VERSION} > PKGNAME-perl= nginx-perl-${VERSION} > PKGNAME-passenger= nginx-passenger-${VERSION} > PKGNAME-rtmp= nginx-rtmp-${VERSION} > +PKGNAME-modsecurity3= nginx-modsecurity3-${VERSION} > REVISION-xslt= 0 > > ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386 > @@ -52,7 +55,8 @@ _GH_MODS= \ > kvspb nginx-auth-ldap > 83c059b73566c2ee9cbda920d91b66657cf120b7 \ > arut nginx-rtmp-module v${VERSION-rtmp} \ > simpl ngx_devel_kit v0.3.0 \ > - leev ngx_http_geoip2_module 3.3 > + leev ngx_http_geoip2_module 3.3 \ > + SpiderLabs ModSecurity-nginx v${VERSION-modsecurity3} > > .for _a _p _c in ${_GH_MODS} > DISTFILES+= ${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz:0 > @@ -68,10 +72,11 @@ PERMIT_PACKAGE= Yes > MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES} > > MODULE_PACKAGES = -image_filter -geoip2 -xslt -mailproxy -stream \ > - -passenger -headers_more -ldap_auth -lua -rtmp > + -passenger -headers_more -ldap_auth -lua -rtmp \ > + -modsecurity3 > > FLAVOR ?= > -PSEUDO_FLAVORS = no_lua no_passenger > +PSEUDO_FLAVORS = no_lua no_passenger no_modsecurity3 > > COMPILER = base-clang ports-gcc base-gcc > > @@ -90,6 +95,7 @@ WANTLIB-lua= ${MODLUA_WANTLIB} m > WANTLIB-headers_more= > WANTLIB-perl= c m perl > WANTLIB-passenger= m pthread ${COMPILER_LIBCXX} > +WANTLIB-modsecurity3= modsecurity > > LIB_DEPENDS-main= devel/pcre > LIB_DEPENDS-xslt= textproc/libxml \ > @@ -99,6 +105,7 @@ LIB_DEPENDS-geoip2= net/libmaxminddb > LIB_DEPENDS-ldap_auth= databases/openldap > LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS} > LIB_DEPENDS-rtmp= > +LIB_DEPENDS-modsecurity3= security/libmodsecurity > > MODLUA_RUNDEP= No > RUN_DEPENDS= www/nginx,-main=${VERSION} > @@ -146,6 +153,12 @@ CONFIGURE_ARGS+= > --add-dynamic-module=${LOCALBASE}/lib/phusion-passenger${GEM_BI > CONFIGURE_ARGS+= > --add-dynamic-module=${WRKDIR}/nginx-rtmp-module-${VERSION-rtmp}/ > .endif > > +.if ${BUILD_PACKAGES:M-modsecurity3} > +CONFIGURE_ENV+= MODSECURITY_LIB=${PREFIX}/lib \ > + MODSECURITY_INC=${PREFIX}/include/modsecurity > +CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/ModSecurity-nginx > +.endif > + > CONFIGURE_ARGS+= --prefix=${NGINX_DIR} \ > --conf-path=${SYSCONFDIR}/nginx/nginx.conf \ > --sbin-path=${PREFIX}/sbin/nginx \ > @@ -188,7 +201,7 @@ ALL_TARGET= > > pre-patch: > .for i in headers-more-nginx-module lua-nginx-module naxsi \ > - nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module > + nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module ModSecurity-nginx > cd ${WRKSRC} && mv ../$i-* $i > .endfor > > diff --git a/www/nginx/distinfo b/www/nginx/distinfo > index 607c62e..bb696de 100644 > --- a/www/nginx/distinfo > +++ b/www/nginx/distinfo > @@ -1,3 +1,4 @@ > +SHA256 (ModSecurity-nginx-v1.0.1.tar.gz) = > yWmnhlm7R8hJKd4LmtwfjFEqUeyd07Fiy1aK4ijT1Z4= > SHA256 (headers-more-nginx-module-v0.33.tar.gz) = > o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78= > SHA256 (lua-nginx-module-v0.10.11.tar.gz) = > wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY= > SHA256 (naxsi-0.55.3.tar.gz) = CzyV0lB3Lcia2LSeR8HgJMWuLHbAz/pEXp/gXE3RNJU= > @@ -7,6 +8,7 @@ SHA256 > (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = aQxOW > SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) = > h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc= > SHA256 (ngx_devel_kit-v0.3.0.tar.gz) = > iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk= > SHA256 (ngx_http_geoip2_module-3.3.tar.gz) = > QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc= > +SIZE (ModSecurity-nginx-v1.0.1.tar.gz) = 31920 > SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130 > SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653 > SIZE (naxsi-0.55.3.tar.gz) = 187416 > diff --git a/www/nginx/pkg/DESCR-modsecurity3 > b/www/nginx/pkg/DESCR-modsecurity3 > new file mode 100644 > index 0000000..cdf9b58 > --- /dev/null > +++ b/www/nginx/pkg/DESCR-modsecurity3 > @@ -0,0 +1,10 @@ > +The ModSecurity-nginx connector is the connection point between Nginx and > +libmodsecurity (ModSecurity v3). Said another way, this project provides a > +communication channel between Nginx and libmodsecurity. This connector is > +required to use LibModSecurity with Nginx. > + > +The ModSecurity-nginx connector takes the form of an Nginx module. The module > +simply serves as a layer of communication between Nginx and ModSecurity. > + > +Notice that this project depends on libmodsecurity rather than ModSecurity > +(version 2.9 or less). > diff --git a/www/nginx/pkg/PLIST-modsecurity3 > b/www/nginx/pkg/PLIST-modsecurity3 > new file mode 100644 > index 0000000..d75d428 > --- /dev/null > +++ b/www/nginx/pkg/PLIST-modsecurity3 > @@ -0,0 +1,2 @@ > +@comment $OpenBSD: PLIST-modsecurity3,v$ > +@so ngx_http_modsecurity_module.so