On 22.07.2020 - 10:47:14, Matthias Pitzl wrote:
> Hello,
>
> The following patch adds the ModSecurity connector module to nginx.
> This module uses my previously sent libmodsecurity.
>
> By moving the module sources into the nginx source directory in the pre-patch
> stage, the configure run accepts the libmodsecurity with 0.0 as version
> without
> any real patching of the connector module itself.
>
> I'm not sure, if the pseudo flavor for this is really needed.
>
> Greetings,
> Matthias
Hi,
Any OK or other feedback on this one?
Greetings,
Matthias
> --------------------------------------------------------------------------------
> diff --git a/www/nginx/Makefile b/www/nginx/Makefile
> index 7fce24d..6546604 100644
> --- a/www/nginx/Makefile
> +++ b/www/nginx/Makefile
> @@ -15,12 +15,14 @@ COMMENT-headers_more= nginx module for
> setting/adding/clearing headers
> COMMENT-perl= nginx perl scripting module
> COMMENT-passenger= nginx passenger (ruby/python/nodejs) integration module
> COMMENT-rtmp= nginx module for RTMP streaming
> +COMMENT-modsecurity3= nginx module for ModSecurity
>
> VERSION= 1.18.0
> DISTNAME= nginx-${VERSION}
> CATEGORIES= www
>
> VERSION-rtmp= 1.2.1
> +VERSION-modsecurity3= 1.0.1
>
> PKGNAME-main= ${DISTNAME}
> PKGNAME-image_filter= nginx-image_filter-${VERSION}
> @@ -35,6 +37,7 @@ PKGNAME-headers_more= nginx-headers-more-${VERSION}
> PKGNAME-perl= nginx-perl-${VERSION}
> PKGNAME-passenger= nginx-passenger-${VERSION}
> PKGNAME-rtmp= nginx-rtmp-${VERSION}
> +PKGNAME-modsecurity3= nginx-modsecurity3-${VERSION}
> REVISION-xslt= 0
>
> ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386
> @@ -52,7 +55,8 @@ _GH_MODS= \
> kvspb nginx-auth-ldap
> 83c059b73566c2ee9cbda920d91b66657cf120b7 \
> arut nginx-rtmp-module v${VERSION-rtmp} \
> simpl ngx_devel_kit v0.3.0 \
> - leev ngx_http_geoip2_module 3.3
> + leev ngx_http_geoip2_module 3.3 \
> + SpiderLabs ModSecurity-nginx v${VERSION-modsecurity3}
>
> .for _a _p _c in ${_GH_MODS}
> DISTFILES+= ${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz:0
> @@ -68,10 +72,11 @@ PERMIT_PACKAGE= Yes
> MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES}
>
> MODULE_PACKAGES = -image_filter -geoip2 -xslt -mailproxy -stream \
> - -passenger -headers_more -ldap_auth -lua -rtmp
> + -passenger -headers_more -ldap_auth -lua -rtmp \
> + -modsecurity3
>
> FLAVOR ?=
> -PSEUDO_FLAVORS = no_lua no_passenger
> +PSEUDO_FLAVORS = no_lua no_passenger no_modsecurity3
>
> COMPILER = base-clang ports-gcc base-gcc
>
> @@ -90,6 +95,7 @@ WANTLIB-lua= ${MODLUA_WANTLIB} m
> WANTLIB-headers_more=
> WANTLIB-perl= c m perl
> WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
> +WANTLIB-modsecurity3= modsecurity
>
> LIB_DEPENDS-main= devel/pcre
> LIB_DEPENDS-xslt= textproc/libxml \
> @@ -99,6 +105,7 @@ LIB_DEPENDS-geoip2= net/libmaxminddb
> LIB_DEPENDS-ldap_auth= databases/openldap
> LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS}
> LIB_DEPENDS-rtmp=
> +LIB_DEPENDS-modsecurity3= security/libmodsecurity
>
> MODLUA_RUNDEP= No
> RUN_DEPENDS= www/nginx,-main=${VERSION}
> @@ -146,6 +153,12 @@ CONFIGURE_ARGS+=
> --add-dynamic-module=${LOCALBASE}/lib/phusion-passenger${GEM_BI
> CONFIGURE_ARGS+=
> --add-dynamic-module=${WRKDIR}/nginx-rtmp-module-${VERSION-rtmp}/
> .endif
>
> +.if ${BUILD_PACKAGES:M-modsecurity3}
> +CONFIGURE_ENV+= MODSECURITY_LIB=${PREFIX}/lib \
> + MODSECURITY_INC=${PREFIX}/include/modsecurity
> +CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/ModSecurity-nginx
> +.endif
> +
> CONFIGURE_ARGS+= --prefix=${NGINX_DIR} \
> --conf-path=${SYSCONFDIR}/nginx/nginx.conf \
> --sbin-path=${PREFIX}/sbin/nginx \
> @@ -188,7 +201,7 @@ ALL_TARGET=
>
> pre-patch:
> .for i in headers-more-nginx-module lua-nginx-module naxsi \
> - nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module
> + nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module ModSecurity-nginx
> cd ${WRKSRC} && mv ../$i-* $i
> .endfor
>
> diff --git a/www/nginx/distinfo b/www/nginx/distinfo
> index 607c62e..bb696de 100644
> --- a/www/nginx/distinfo
> +++ b/www/nginx/distinfo
> @@ -1,3 +1,4 @@
> +SHA256 (ModSecurity-nginx-v1.0.1.tar.gz) =
> yWmnhlm7R8hJKd4LmtwfjFEqUeyd07Fiy1aK4ijT1Z4=
> SHA256 (headers-more-nginx-module-v0.33.tar.gz) =
> o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78=
> SHA256 (lua-nginx-module-v0.10.11.tar.gz) =
> wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
> SHA256 (naxsi-0.55.3.tar.gz) = CzyV0lB3Lcia2LSeR8HgJMWuLHbAz/pEXp/gXE3RNJU=
> @@ -7,6 +8,7 @@ SHA256
> (nginx-auth-ldap-83c059b73566c2ee9cbda920d91b66657cf120b7.tar.gz) = aQxOW
> SHA256 (nginx-rtmp-module-v1.2.1.tar.gz) =
> h6pZdACwtaBSdO4tI9jLgiThJoYiegq+MdeDs6ZF6jc=
> SHA256 (ngx_devel_kit-v0.3.0.tar.gz) =
> iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
> SHA256 (ngx_http_geoip2_module-3.3.tar.gz) =
> QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc=
> +SIZE (ModSecurity-nginx-v1.0.1.tar.gz) = 31920
> SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130
> SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653
> SIZE (naxsi-0.55.3.tar.gz) = 187416
> diff --git a/www/nginx/pkg/DESCR-modsecurity3
> b/www/nginx/pkg/DESCR-modsecurity3
> new file mode 100644
> index 0000000..cdf9b58
> --- /dev/null
> +++ b/www/nginx/pkg/DESCR-modsecurity3
> @@ -0,0 +1,10 @@
> +The ModSecurity-nginx connector is the connection point between Nginx and
> +libmodsecurity (ModSecurity v3). Said another way, this project provides a
> +communication channel between Nginx and libmodsecurity. This connector is
> +required to use LibModSecurity with Nginx.
> +
> +The ModSecurity-nginx connector takes the form of an Nginx module. The module
> +simply serves as a layer of communication between Nginx and ModSecurity.
> +
> +Notice that this project depends on libmodsecurity rather than ModSecurity
> +(version 2.9 or less).
> diff --git a/www/nginx/pkg/PLIST-modsecurity3
> b/www/nginx/pkg/PLIST-modsecurity3
> new file mode 100644
> index 0000000..d75d428
> --- /dev/null
> +++ b/www/nginx/pkg/PLIST-modsecurity3
> @@ -0,0 +1,2 @@
> +@comment $OpenBSD: PLIST-modsecurity3,v$
> +@so ngx_http_modsecurity_module.so
