Hello Stuart,

Thank you for your quick reply.

On 21.07.2020 - 11:46:29, Stuart Henderson wrote:
> On 2020/07/21 10:45, Matthias Pitzl wrote:
> > Hello,
> > 
> > The following patch adds a new port for libmodsecurity of
> > https://www.modsecurity.org/.
> > 
> > https://github.com/SpiderLabs/ModSecurity:
> > Libmodsecurity is one component of the ModSecurity v3 project. The library
> > codebase serves as an interface to ModSecurity Connectors taking in web
> > traffic and applying traditional ModSecurity processing. In general, it
> > provides the capability to load/interpret rules written in the ModSecurity
> > SecRules format and apply them to HTTP content provided by your application
> > via Connectors.
> > 
> > This port is required for adding ModSecurity to nginx:
> > https://github.com/SpiderLabs/ModSecurity-nginx
> > --------------------------------------------------------------------------------
> > 
> > --- /dev/null       Tue Jul 21 10:33:18 2020
> > +++ security/libmodsecurity/Makefile        Tue Jul 21 10:32:11 2020
> 
> Please send a tar.gz for new ports
Will do next time.

 
> > @@ -0,0 +1,47 @@
> > +# $OpenBSD$
> > +#
> > +COMMENT =          Intrusion detection and prevention engine
> 
> lowercase start of COMMENT

Ok.

> > +
> > +V =                        3.0.4
> > +DISTNAME =         modsecurity-v$V
> > +PKGNAME  =         libmodsecurity-$V
> > +
> > +SHARED_LIBS +=             modsecurity     3.3     # 3.3
> 
> start with 0.0
> 

Problem is, if the library is not using 3.x, the check in the nginx connector
will not find it. So, better use the 3.x version here or patch the nginx
connector so that it accepts the 0.0 lib?
Personally I would prefer to use the 3.3 number instead of patching the nginx
connector.

> > +
> > +CATEGORIES =               security
> > +
> > +HOMEPAGE =         https://www.modsecurity.org
> > +
> > +WANTLIB +=         ${COMPILER_LIBCXX} c crypto curl iconv lzma m
> > +WANTLIB +=         maxminddb nghttp2 pcre ssl xml2 z yajl
> > +
> > +MASTER_SITES =             
> > https://github.com/SpiderLabs/ModSecurity/releases/download/v$V/
> > +
> > +PERMIT_PACKAGE =   Yes
> > +
> > +COMPILER =         base-clang ports-gcc base-gcc
> > +
> > +LIB_DEPENDS =              converters/libiconv \
> > +                   devel/libyajl \
> > +                   devel/pcre \
> > +                   net/curl \
> > +                   net/libmaxminddb \
> > +                   textproc/libxml \
> > +                   www/nghttp2
> 
> only list direct dependencies here. e.g. nghttp2 is not used by modsecurity,
> it is only used by libcurl, so don't include it. (I didn't check the others,
> maybe that's the only one)

Ok, fixed.

> 
> > +
> > +USE_GMAKE =                yes
> > +CONFIGURE_STYLE =  gnu
> > +SEPARATE_BUILD =   no
> > +
> > +CONFIGURE_ARGS =   --libdir=${LOCALBASE}/modsecurity/lib \
> 
> is there a particular reason to hide this away in a nonstandard dir?
> normally this is only done for ports where there will be big problems if
> other ports start to pick them up (e.g. libbind, heimdal, and a few
> others which should not be picked up unless explicitly wanted because
> there are significant drawbacks to pulling them in)
> 
> > +                   --without-lmdb \
> > +                   --without-ssdeep \
> > +                   --without-lua
> > +
> > +post-install:
> > +   @mv ${WRKINST}${LOCALBASE}/modsecurity/lib/pkgconfig/modsecurity.pc \
> > +       ${WRKINST}${LOCALBASE}/lib/pkgconfig/
> 
> LOCALBASE is for "files coming from another port". for "this port" it
> would normally be ${PREFIX}. but avoiding the nonstandard dir will probably
> avoid the need for this anyway.
> 

Ok, will fix this. Looks like I made a mistake at the beginning.
Works without the non-standard directory, if the version number of the library
is as written before.

> > +   ${INSTALL_DATA_DIR} ${PREFIX}/share/modsecurity/
> > +   ${INSTALL_DATA} ${WRKSRC}/unicode.mapping ${PREFIX}/share/modsecurity/
> > +
> > +.include <bsd.port.mk>
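
Review bot: the --without-lmdb, --without-ssdeep and --without-lua switches at the end of CONFIGURE_ARGS turn off optional features with no comment saying why. A one-line comment above CONFIGURE_ARGS, and a sentence in pkg/DESCR naming what is disabled, would tell users up front that rule sets relying on Lua scripting, ssdeep fuzzy hashing or LMDB storage are not covered by this package. Separately, WANTLIB lists lzma and nghttp2, neither of which has a direct LIB_DEPENDS entry once nghttp2 is dropped; confirm with make port-lib-depends-check that WANTLIB still matches what the library actually links.
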
> > --- /dev/null       Tue Jul 21 10:33:18 2020
> > +++ security/libmodsecurity/distinfo        Tue Jul 21 09:07:56 2020
> > @@ -0,0 +1,2 @@
> > +SHA256 (modsecurity-v3.0.4.tar.gz) = 
> > tCMRd92AtOB2sijlfUmGcBE7adRFurhtsl9lNGwk2yI=
> > +SIZE (modsecurity-v3.0.4.tar.gz) = 2806291
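
Review bot: the SHA256 entry is split over two lines, with the digest on a line of its own, so this hunk declares two added lines but carries three and will not apply as sent; MASTER_SITES in the Makefile hunk is wrapped the same way. Sending the port as a tar.gz attachment, as requested above, keeps the checksum line intact, so the digest that gets committed is exactly the one produced by make makesum.
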
> > --- /dev/null       Tue Jul 21 10:33:18 2020
> > +++ security/libmodsecurity/pkg/DESCR       Tue Jul 21 09:07:56 2020
> > @@ -0,0 +1,9 @@
> > +ModSecurity is an embeddable web application firewall. It provides
> > +protection from a range of attacks against web applications and allows
> > +for HTTP traffic monitoring and real-time analysis with no changes to
> > +existing infrastructure.
> > +
> > +It is also an open source project that aims to make the web application
> > +firewall technology available to everyone.
> > +
> > +WWW: https://www.modsecurity.org/
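
Review bot: the description covers ModSecurity as a whole but never says that this package installs only the library. The cover note states that libmodsecurity receives HTTP content through a Connector such as ModSecurity-nginx; a sentence to that effect in DESCR would keep users from assuming that installing this package on its own filters any traffic.
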
> 
> WWW is added from HOMEPAGE in the port Makefile and shouldn't be included
> in DESCR

Ok, will remove it.

Thanks again!

Greetings,
Matthias
