On Wed, 22 Jan 2025 09:03:29 +0100,
Matthias Pitzl <pi...@genua.de> wrote:
>
> [1 <text/plain; utf-8 (7bit)>]
> On 21.01.2025 - 20:10:23, Stuart Henderson wrote:
> > On 2025/01/21 09:26, Matthias Pitzl wrote:
> > > On 20.01.2025 - 20:53:24, Kirill A. Korinsky wrote:
> > > > On Mon, 20 Jan 2025 09:42:21 +0100,
> > > > Matthias Pitzl <pi...@genua.de> wrote:
> > > > >
> > > > > @@ -65,6 +68,7 @@ HOMEPAGE-geoip2= https://github.com/leev
> > > > > HOMEPAGE-headers_more=
> > > > > https://github.com/openresty/headers-more-nginx-module
> > > > > HOMEPAGE-ldap_auth= https://github.com/kvspb/nginx-auth-ldap
> > > > > HOMEPAGE-lua=
> > > > > https://github.com/openresty/lua-nginx-module
> > > > > +HOMEPAGE-modsecurity3=
> > > > > https://github.com/owasp-modsecurity/ModSecurity-nginx
> > > >
> > > > I'd like to add my two cents:
> > > > 1. ModSecurity is under Apache2, shall we update comment near
> > > > PERMIT_PACKAGE?
> >
> > good point,
> >
> > > I don't really know if this is required. The already existing naxsi
> > > module is
> > > under GPLv3, so why would it be a problem that ModSecurity3 is under
> > > Apache2
> > > license?
> >
> > it's for information for users reading ports, and gives a clue to
> > maintainers about whether we're allowed to distribute it.
> >
> > looks like this would be correct:
> >
> > # nginx, cache_purge, geoip2, headers_more, ldap_auth, njs, rtmp: BSD-like
> > # passenger: MIT
> > # securelink: unlicense
> > # naxsi: GPLv3
> > # modsecurity: Apache2
> > PERMIT_PACKAGE= Yes
> >
> > > > 2. Why modsecurity3? Why not just modsecurity?
> > > Called it modsecurity3 because it is for libmodsecurity 3.x.
> > > Libmodsecurity 2.x is an Apache only implementation.
> >
> > also a good point, you don't want to have to change FULLPKGPATH if
> > libmodsecurity 4.x is released. just using -modsecurity in
> > MULTI_PACKAGES and the variable suffixes would make sense.
>
> Hi!
>
> Added the license comment and changed the name of the subpackage to just
> modsecurity as suggested. Here's the updated diff.
>
> Thanks for all your comment!
>
> -- Matthias
>
Reads and compiles. OK kirill@
> Index: Makefile
> ===================================================================
> RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/Makefile,v
> diff -u -p -r1.184 Makefile
> --- Makefile 19 Aug 2024 14:55:56 -0000 1.184
> +++ Makefile 22 Jan 2025 07:36:11 -0000
> @@ -10,6 +10,7 @@ COMMENT-image_filter= nginx image filter
> COMMENT-ldap_auth= nginx LDAP authentication module
> COMMENT-lua= nginx lua scripting (lua-nginx-module and ngx_devel_kit)
> COMMENT-mailproxy= nginx mail proxy module
> +COMMENT-modsecurity= nginx module for ModSecurity
> COMMENT-naxsi= nginx web application firewall module
> COMMENT-njs= nginx javascript scripting module
> COMMENT-passenger= nginx passenger (ruby/python/nodejs) integration module
> @@ -31,6 +32,7 @@ PKGNAME-image_filter= nginx-image_filter
> PKGNAME-ldap_auth= nginx-ldap_auth-${VERSION}
> PKGNAME-lua= nginx-lua-${VERSION}
> PKGNAME-mailproxy= nginx-mailproxy-${VERSION}
> +PKGNAME-modsecurity= nginx-modsecurity-${VERSION}
> PKGNAME-naxsi= nginx-naxsi-${VERSION}
> PKGNAME-njs= nginx-njs-${VERSION}
> PKGNAME-passenger= nginx-passenger-${VERSION}
> @@ -57,6 +59,7 @@ DIST_TUPLE= \
> github nginx njs 0.8.4 njs \
> github arut nginx-rtmp-module v1.2.2 nginx-rtmp-module \
> github nginx-modules ngx_http_hmac_secure_link_module
> 48c4625fbbf51ed5a95bfec23fa444f6c3702e50 ngx_http_hmac_secure_link_module \
> + github owasp-modsecurity ModSecurity-nginx v1.0.3 ModSecurity-nginx
>
> HOMEPAGE= https://nginx.org/
>
> @@ -65,6 +68,7 @@ HOMEPAGE-geoip2= https://github.com/leev
> HOMEPAGE-headers_more=
> https://github.com/openresty/headers-more-nginx-module
> HOMEPAGE-ldap_auth= https://github.com/kvspb/nginx-auth-ldap
> HOMEPAGE-lua= https://github.com/openresty/lua-nginx-module
> +HOMEPAGE-modsecurity=
> https://github.com/owasp-modsecurity/ModSecurity-nginx
> HOMEPAGE-naxsi= https://github.com/wargio/naxsi
> HOMEPAGE-njs= https://github.com/nginx/njs
> HOMEPAGE-passenger= https://www.phusionpassenger.com/
> @@ -73,18 +77,22 @@ HOMEPAGE-securelink= https://github.com/
>
> MAINTAINER= Robert Nagy <rob...@openbsd.org>
>
> -# BSD-like
> +# nginx, cache_purge, geoip2, headers_more, ldap_auth, njs, rtmp: BSD-like
> +# passenger: MIT
> +# securelink: unlicensed
> +# naxsi: GPLv3
> +# modsecurity: Apache2
> PERMIT_PACKAGE= Yes
>
> MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES}
>
> MODULE_PACKAGES = -cache_purge -geoip2 -headers_more \
> -image_filter -ldap_auth -lua -mailproxy \
> - -njs -passenger -rtmp -securelink -stream \
> - -xslt
> + -modsecurity -njs -passenger -rtmp \
> + -securelink -stream -xslt
>
> FLAVOR ?=
> -PSEUDO_FLAVORS = no_lua no_njs no_passenger
> +PSEUDO_FLAVORS = no_lua no_modsecurity no_njs no_passenger
>
> COMPILER = base-clang ports-gcc base-gcc
>
> @@ -98,6 +106,7 @@ WANTLIB-image_filter= gd
> WANTLIB-ldap_auth= ldap
> WANTLIB-lua= ${MODLUA_WANTLIB} m pcre
> WANTLIB-mailproxy=
> +WANTLIB-modsecurity= modsecurity
> WANTLIB-naxsi=
> WANTLIB-njs= exslt m xml2 xslt
> WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
> @@ -114,6 +123,7 @@ LIB_DEPENDS-image_filter=graphics/gd
> LIB_DEPENDS-ldap_auth= databases/openldap
> LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS} \
> devel/pcre
> +LIB_DEPENDS-modsecurity= security/libmodsecurity
> LIB_DEPENDS-njs= devel/pcre2 \
> textproc/libxslt \
> textproc/libxml
> @@ -155,6 +165,12 @@ MODULES+= lang/lua
> CONFIGURE_ENV+= MODLUA_INCL_DIR=${MODLUA_INCL_DIR} \
> MODLUA_LIB=${MODLUA_LIB}
> CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/lua-nginx-module
> +.endif
> +
> +.if ${BUILD_PACKAGES:M-modsecurity}
> +CONFIGURE_ENV+=
> MODSECURITY_INC=${LOCALBASE}/include/modsecurity \
> + MODSECURITY_LIB=${LOCALBASE}/lib
> +CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/ModSecurity-nginx
> .endif
>
> .if ${BUILD_PACKAGES:M-passenger}
> Index: distinfo
> ===================================================================
> RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/distinfo,v
> diff -u -p -r1.88 distinfo
> --- distinfo 19 Aug 2024 14:55:56 -0000 1.88
> +++ distinfo 13 Jan 2025 10:41:14 -0000
> @@ -9,6 +9,7 @@ SHA256 (nginx-modules-ngx_http_hmac_secu
> SHA256 (nginx-njs-0.8.4.tar.gz) =
> /hl+JUIEwV6fHfCs83Wt1XvjQWkB7I17hzGdzLSQ+Q0=
> SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) =
> DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
> SHA256 (openresty-lua-nginx-module-v0.10.11.tar.gz) =
> wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
> +SHA256 (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) =
> MqQiVmFsxnTcokyGVDlzkK3/FbiIt363TgaH8CPIdRs=
> SHA256 (vision5-ngx_devel_kit-v0.3.3.tar.gz) =
> +qL81RaLEHZNNQgTVlEdX4TbXFJqGqS2rdLblLaFOys=
> SIZE (FRiCKLE-ngx_cache_purge-2.3.tar.gz) = 11717
> SIZE (arut-nginx-rtmp-module-v1.2.2.tar.gz) = 519934
> @@ -21,4 +22,5 @@ SIZE (nginx-modules-ngx_http_hmac_secure
> SIZE (nginx-njs-0.8.4.tar.gz) = 743910
> SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827
> SIZE (openresty-lua-nginx-module-v0.10.11.tar.gz) = 616653
> +SIZE (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = 34063
> SIZE (vision5-ngx_devel_kit-v0.3.3.tar.gz) = 66561
> Index: pkg/DESCR-modsecurity
> ===================================================================
> RCS file: pkg/DESCR-modsecurity
> diff -N pkg/DESCR-modsecurity
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ pkg/DESCR-modsecurity 17 Jan 2025 08:59:20 -0000
> @@ -0,0 +1 @@
> +The ModSecurity-nginx module provides a connector for libmodsecurity to
> nginx.
> Index: pkg/PLIST-modsecurity
> ===================================================================
> RCS file: pkg/PLIST-modsecurity
> diff -N pkg/PLIST-modsecurity
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ pkg/PLIST-modsecurity 17 Jan 2025 08:59:44 -0000
> @@ -0,0 +1 @@
> +@so ngx_http_modsecurity_module.so
> [2 smime.p7s <application/pkcs7-signature (base64)>]
> Verifying...
--
wbr, Kirill
