On 2025/01/22 13:47, Kirill A. Korinsky wrote:
> On Wed, 22 Jan 2025 09:03:29 +0100,
> Matthias Pitzl <pi...@genua.de> wrote:
> >
> > [1 <text/plain; utf-8 (7bit)>]
> > On 21.01.2025 - 20:10:23, Stuart Henderson wrote:
> > > On 2025/01/21 09:26, Matthias Pitzl wrote:
> > > > On 20.01.2025 - 20:53:24, Kirill A. Korinsky wrote:
> > > > > On Mon, 20 Jan 2025 09:42:21 +0100,
> > > > > Matthias Pitzl <pi...@genua.de> wrote:
> > > > > >
> > > > > > @@ -65,6 +68,7 @@ HOMEPAGE-geoip2= https://github.com/leev
> > > > > > HOMEPAGE-headers_more=
> > > > > > https://github.com/openresty/headers-more-nginx-module
> > > > > > HOMEPAGE-ldap_auth= https://github.com/kvspb/nginx-auth-ldap
> > > > > > HOMEPAGE-lua=
> > > > > > https://github.com/openresty/lua-nginx-module
> > > > > > +HOMEPAGE-modsecurity3=
> > > > > > https://github.com/owasp-modsecurity/ModSecurity-nginx
> > > > >
> > > > > I'd like to add my two cents:
> > > > > 1. ModSecurity is under Apache2, shall we update comment near
> > > > > PERMIT_PACKAGE?
> > >
> > > good point,
> > >
> > > > I don't really know if this is required. The already existing naxsi
> > > > module is
> > > > under GPLv3, so why would it be a problem that ModSecurity3 is under
> > > > Apache2
> > > > license?
> > >
> > > it's for information for users reading ports, and gives a clue to
> > > maintainers about whether we're allowed to distribute it.
> > >
> > > looks like this would be correct:
> > >
> > > # nginx, cache_purge, geoip2, headers_more, ldap_auth, njs, rtmp: BSD-like
> > > # passenger: MIT
> > > # securelink: unlicense
> > > # naxsi: GPLv3
> > > # modsecurity: Apache2
> > > PERMIT_PACKAGE= Yes
> > >
> > > > > 2. Why modsecurity3? Why not just modsecurity?
> > > > Called it modsecurity3 because it is for libmodsecurity 3.x.
> > > > Libmodsecurity 2.x is an Apache only implementation.
> > >
> > > also a good point, you don't want to have to change FULLPKGPATH if
> > > libmodsecurity 4.x is released. just using -modsecurity in
> > > MULTI_PACKAGES and the variable suffixes would make sense.
> >
> > Hi!
> >
> > Added the license comment and changed the name of the subpackage to just
> > modsecurity as suggested. Here's the updated diff.
> >
> > Thanks for all your comment!
> >
> > -- Matthias
> >
>
> Reads and compiles. OK kirill@
Thanks.
OK with me too, I'll wait a bit for any comments/objections from Robert
> > Index: Makefile
> > ===================================================================
> > RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/Makefile,v
> > diff -u -p -r1.184 Makefile
> > --- Makefile 19 Aug 2024 14:55:56 -0000 1.184
> > +++ Makefile 22 Jan 2025 07:36:11 -0000
> > @@ -10,6 +10,7 @@ COMMENT-image_filter= nginx image filter
> > COMMENT-ldap_auth= nginx LDAP authentication module
> > COMMENT-lua= nginx lua scripting (lua-nginx-module and
> > ngx_devel_kit)
> > COMMENT-mailproxy= nginx mail proxy module
> > +COMMENT-modsecurity= nginx module for ModSecurity
> > COMMENT-naxsi= nginx web application firewall module
> > COMMENT-njs= nginx javascript scripting module
> > COMMENT-passenger= nginx passenger (ruby/python/nodejs) integration module
> > @@ -31,6 +32,7 @@ PKGNAME-image_filter= nginx-image_filter
> > PKGNAME-ldap_auth= nginx-ldap_auth-${VERSION}
> > PKGNAME-lua= nginx-lua-${VERSION}
> > PKGNAME-mailproxy= nginx-mailproxy-${VERSION}
> > +PKGNAME-modsecurity= nginx-modsecurity-${VERSION}
> > PKGNAME-naxsi= nginx-naxsi-${VERSION}
> > PKGNAME-njs= nginx-njs-${VERSION}
> > PKGNAME-passenger= nginx-passenger-${VERSION}
> > @@ -57,6 +59,7 @@ DIST_TUPLE= \
> > github nginx njs 0.8.4 njs \
> > github arut nginx-rtmp-module v1.2.2 nginx-rtmp-module \
> > github nginx-modules ngx_http_hmac_secure_link_module
> > 48c4625fbbf51ed5a95bfec23fa444f6c3702e50 ngx_http_hmac_secure_link_module \
> > + github owasp-modsecurity ModSecurity-nginx v1.0.3 ModSecurity-nginx
> >
> > HOMEPAGE= https://nginx.org/
> >
> > @@ -65,6 +68,7 @@ HOMEPAGE-geoip2= https://github.com/leev
> > HOMEPAGE-headers_more=
> > https://github.com/openresty/headers-more-nginx-module
> > HOMEPAGE-ldap_auth= https://github.com/kvspb/nginx-auth-ldap
> > HOMEPAGE-lua= https://github.com/openresty/lua-nginx-module
> > +HOMEPAGE-modsecurity=
> > https://github.com/owasp-modsecurity/ModSecurity-nginx
> > HOMEPAGE-naxsi= https://github.com/wargio/naxsi
> > HOMEPAGE-njs= https://github.com/nginx/njs
> > HOMEPAGE-passenger= https://www.phusionpassenger.com/
> > @@ -73,18 +77,22 @@ HOMEPAGE-securelink= https://github.com/
> >
> > MAINTAINER= Robert Nagy <rob...@openbsd.org>
> >
> > -# BSD-like
> > +# nginx, cache_purge, geoip2, headers_more, ldap_auth, njs, rtmp: BSD-like
> > +# passenger: MIT
> > +# securelink: unlicensed
> > +# naxsi: GPLv3
> > +# modsecurity: Apache2
> > PERMIT_PACKAGE= Yes
> >
> > MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES}
> >
> > MODULE_PACKAGES = -cache_purge -geoip2 -headers_more \
> > -image_filter -ldap_auth -lua -mailproxy \
> > - -njs -passenger -rtmp -securelink -stream \
> > - -xslt
> > + -modsecurity -njs -passenger -rtmp \
> > + -securelink -stream -xslt
> >
> > FLAVOR ?=
> > -PSEUDO_FLAVORS = no_lua no_njs no_passenger
> > +PSEUDO_FLAVORS = no_lua no_modsecurity no_njs no_passenger
> >
> > COMPILER = base-clang ports-gcc base-gcc
> >
> > @@ -98,6 +106,7 @@ WANTLIB-image_filter= gd
> > WANTLIB-ldap_auth= ldap
> > WANTLIB-lua= ${MODLUA_WANTLIB} m pcre
> > WANTLIB-mailproxy=
> > +WANTLIB-modsecurity= modsecurity
> > WANTLIB-naxsi=
> > WANTLIB-njs= exslt m xml2 xslt
> > WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
> > @@ -114,6 +123,7 @@ LIB_DEPENDS-image_filter=graphics/gd
> > LIB_DEPENDS-ldap_auth= databases/openldap
> > LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS} \
> > devel/pcre
> > +LIB_DEPENDS-modsecurity= security/libmodsecurity
> > LIB_DEPENDS-njs= devel/pcre2 \
> > textproc/libxslt \
> > textproc/libxml
> > @@ -155,6 +165,12 @@ MODULES+= lang/lua
> > CONFIGURE_ENV+= MODLUA_INCL_DIR=${MODLUA_INCL_DIR} \
> > MODLUA_LIB=${MODLUA_LIB}
> > CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/lua-nginx-module
> > +.endif
> > +
> > +.if ${BUILD_PACKAGES:M-modsecurity}
> > +CONFIGURE_ENV+=
> > MODSECURITY_INC=${LOCALBASE}/include/modsecurity \
> > + MODSECURITY_LIB=${LOCALBASE}/lib
> > +CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/ModSecurity-nginx
> > .endif
> >
> > .if ${BUILD_PACKAGES:M-passenger}
> > Index: distinfo
> > ===================================================================
> > RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/distinfo,v
> > diff -u -p -r1.88 distinfo
> > --- distinfo 19 Aug 2024 14:55:56 -0000 1.88
> > +++ distinfo 13 Jan 2025 10:41:14 -0000
> > @@ -9,6 +9,7 @@ SHA256 (nginx-modules-ngx_http_hmac_secu
> > SHA256 (nginx-njs-0.8.4.tar.gz) =
> > /hl+JUIEwV6fHfCs83Wt1XvjQWkB7I17hzGdzLSQ+Q0=
> > SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) =
> > DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
> > SHA256 (openresty-lua-nginx-module-v0.10.11.tar.gz) =
> > wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
> > +SHA256 (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) =
> > MqQiVmFsxnTcokyGVDlzkK3/FbiIt363TgaH8CPIdRs=
> > SHA256 (vision5-ngx_devel_kit-v0.3.3.tar.gz) =
> > +qL81RaLEHZNNQgTVlEdX4TbXFJqGqS2rdLblLaFOys=
> > SIZE (FRiCKLE-ngx_cache_purge-2.3.tar.gz) = 11717
> > SIZE (arut-nginx-rtmp-module-v1.2.2.tar.gz) = 519934
> > @@ -21,4 +22,5 @@ SIZE (nginx-modules-ngx_http_hmac_secure
> > SIZE (nginx-njs-0.8.4.tar.gz) = 743910
> > SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827
> > SIZE (openresty-lua-nginx-module-v0.10.11.tar.gz) = 616653
> > +SIZE (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = 34063
> > SIZE (vision5-ngx_devel_kit-v0.3.3.tar.gz) = 66561
> > Index: pkg/DESCR-modsecurity
> > ===================================================================
> > RCS file: pkg/DESCR-modsecurity
> > diff -N pkg/DESCR-modsecurity
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ pkg/DESCR-modsecurity 17 Jan 2025 08:59:20 -0000
> > @@ -0,0 +1 @@
> > +The ModSecurity-nginx module provides a connector for libmodsecurity to
> > nginx.
> > Index: pkg/PLIST-modsecurity
> > ===================================================================
> > RCS file: pkg/PLIST-modsecurity
> > diff -N pkg/PLIST-modsecurity
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ pkg/PLIST-modsecurity 17 Jan 2025 08:59:44 -0000
> > @@ -0,0 +1 @@
> > +@so ngx_http_modsecurity_module.so
> > [2 smime.p7s <application/pkcs7-signature (base64)>]
> > Verifying...
>
> --
> wbr, Kirill
>
