On 2020/07/21 10:45, Matthias Pitzl wrote: > Hello, > > The following patch adds a new port for libmodsecurity of > https://www.modsecurity.org/. > > https://github.com/SpiderLabs/ModSecurity: > Libmodsecurity is one component of the ModSecurity v3 project. The library > codebase serves as an interface to ModSecurity Connectors taking in web > traffic > and applying traditional ModSecurity processing. In general, it provides the > capability to load/interpret rules written in the ModSecurity SecRules format > and apply them to HTTP content provided by your application via Connectors. > > This port is required for adding ModSecurity to nginx: > https://github.com/SpiderLabs/ModSecurity-nginx > > Built and tested on amd64: > ============================================================================ > Testsuite summary for modsecurity 3.0 > ============================================================================ > # TOTAL: 4292 > # PASS: 4287 > # SKIP: 5 > # XFAIL: 0 > # FAIL: 0 > # XPASS: 0 > # ERROR: 0 > ============================================================================ > > Cheers, > Matthias > > -------------------------------------------------------------------------------- > > --- /dev/null Tue Jul 21 10:33:18 2020 > +++ security/libmodsecurity/Makefile Tue Jul 21 10:32:11 2020
Please send a tar.gz for new ports > @@ -0,0 +1,47 @@ > +# $OpenBSD$ > +# > +COMMENT = Intrusion detection and prevention engine lowercase start of COMMENT > + > +V = 3.0.4 > +DISTNAME = modsecurity-v$V > +PKGNAME = libmodsecurity-$V > + > +SHARED_LIBS += modsecurity 3.3 # 3.3 start with 0.0 > + > +CATEGORIES = security > + > +HOMEPAGE = https://www.modsecurity.org > + > +WANTLIB += ${COMPILER_LIBCXX} c crypto curl iconv lzma m > +WANTLIB += maxminddb nghttp2 pcre ssl xml2 z yajl > + > +MASTER_SITES = > https://github.com/SpiderLabs/ModSecurity/releases/download/v$V/ > + > +PERMIT_PACKAGE = Yes > + > +COMPILER = base-clang ports-gcc base-gcc > + > +LIB_DEPENDS = converters/libiconv \ > + devel/libyajl \ > + devel/pcre \ > + net/curl \ > + net/libmaxminddb \ > + textproc/libxml \ > + www/nghttp2 only list direct dependencies here. e.g. nghttp2 is not used by modsecurity, it is only used by libcurl, so don't include it. (I didn't check the others, maybe that's the only one) > + > +USE_GMAKE = yes > +CONFIGURE_STYLE = gnu > +SEPARATE_BUILD = no > + > +CONFIGURE_ARGS = --libdir=${LOCALBASE}/modsecurity/lib \ is there a particular reason to hide this away in a nonstandard dir? normally this is only done for ports where there will be big problems if other ports start to pick them up (e.g. libbind, heimdal, and a few others which should not be picked up unless explicitly wanted because there are significant drawbacks to pulling them in) > + --without-lmdb \ > + --without-ssdeep \ > + --without-lua > + > +post-install: > + @mv ${WRKINST}${LOCALBASE}/modsecurity/lib/pkgconfig/modsecurity.pc \ > + ${WRKINST}${LOCALBASE}/lib/pkgconfig/ LOCALBASE is for "files coming from another port". for "this port" it would normally be ${PREFIX}. but avoiding the nonstandard dir will probably avoid the need for this anyway. > + ${INSTALL_DATA_DIR} ${PREFIX}/share/modsecurity/ > + ${INSTALL_DATA} ${WRKSRC}/unicode.mapping ${PREFIX}/share/modsecurity/ > + > +.include <bsd.port.mk> > --- /dev/null Tue Jul 21 10:33:18 2020 > +++ security/libmodsecurity/distinfo Tue Jul 21 09:07:56 2020 > @@ -0,0 +1,2 @@ > +SHA256 (modsecurity-v3.0.4.tar.gz) = > tCMRd92AtOB2sijlfUmGcBE7adRFurhtsl9lNGwk2yI= > +SIZE (modsecurity-v3.0.4.tar.gz) = 2806291 > --- /dev/null Tue Jul 21 10:33:18 2020 > +++ security/libmodsecurity/pkg/DESCR Tue Jul 21 09:07:56 2020 > @@ -0,0 +1,9 @@ > +ModSecurity is an embeddable web application firewall. It provides > +protection from a range of attacks against web applications and allows > +for HTTP traffic monitoring and real-time analysis with no changes to > +existing infrastructure. > + > +It is also an open source project that aims to make the web application > +firewall technology available to everyone. > + > +WWW: https://www.modsecurity.org/ WWW is added from HOMEPAGE in the port Makefile and shouldn't be included in DESCR > --- /dev/null Tue Jul 21 10:33:18 2020 > +++ security/libmodsecurity/pkg/PLIST Tue Jul 21 09:35:14 2020 > @@ -0,0 +1,31 @@ > +@comment $OpenBSD: PLIST,v$ > +@bin bin/modsec-rules-check > +include/modsecurity/ > +include/modsecurity/actions/ > +include/modsecurity/actions/action.h > +include/modsecurity/anchored_set_variable.h > +include/modsecurity/anchored_variable.h > +include/modsecurity/audit_log.h > +include/modsecurity/collection/ > +include/modsecurity/collection/collection.h > +include/modsecurity/collection/collections.h > +include/modsecurity/debug_log.h > +include/modsecurity/intervention.h > +include/modsecurity/modsecurity.h > +include/modsecurity/reading_logs_via_rule_message.h > +include/modsecurity/rule.h > +include/modsecurity/rule_message.h > +include/modsecurity/rules.h > +include/modsecurity/rules_exceptions.h > +include/modsecurity/rules_properties.h > +include/modsecurity/transaction.h > +include/modsecurity/variable_origin.h > +include/modsecurity/variable_value.h > +lib/pkgconfig/modsecurity.pc > +modsecurity/ > +modsecurity/lib/ > +@static-lib modsecurity/lib/libmodsecurity.a > +modsecurity/lib/libmodsecurity.la > +share/modsecurity/ > +share/modsecurity/unicode.mapping > +@lib modsecurity/lib/libmodsecurity.so.${LIBmodsecurity_VERSION} > Index: security/Makefile > =================================================================== > RCS file: /mount/cvsdev/openbsd/cvs/ports/security/Makefile,v > retrieving revision 1.575 > diff -u -p -u -r1.575 Makefile > --- security/Makefile 21 Apr 2020 20:42:00 -0000 1.575 > +++ security/Makefile 21 Jul 2020 07:10:00 -0000 > @@ -122,6 +122,7 @@ > SUBDIR += libident > SUBDIR += libksba > SUBDIR += libmcrypt > + SUBDIR += libmodsecurity > SUBDIR += libnettle > SUBDIR += libnipper > SUBDIR += libotr >
