[PATCH] www/nginx - Add ModSecurit connector module

Mon, 24 Aug 2020 05:36:42 -0700 

Hello,

The following patch adds the ModSecurity connector module to nginx.
This module uses my previously sent libmodsecurity.

By moving the module sources into the nginx source directory in the pre-patch
stage, the configure run accepts the libmodsecurity with 0.0 as version without
any real patching of the connector module itself.

I'm not sure, if the pseudo flavor for this is really needed.

PS: I've already sent the diff some weeks ago.
This is an updated version against the last version of nginx in the tree.

Greetings,
Matthias

--------------------------------------------------------------------------------
Index: www/nginx/Makefile
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/Makefile,v
retrieving revision 1.145
diff -u -p -u -r1.145 Makefile
--- www/nginx/Makefile  27 Jul 2020 14:33:15 -0000      1.145
+++ www/nginx/Makefile  24 Aug 2020 12:36:17 -0000
@@ -16,6 +16,7 @@ COMMENT-perl=         nginx perl scripting modu
 COMMENT-passenger=     nginx passenger (ruby/python/nodejs) integration module
 COMMENT-rtmp=          nginx module for RTMP streaming
 COMMENT-securelink=    nginx HMAC secure link module
+COMMENT-modsecurity3=  nginx module for ModSecurity
 
 VERSION=       1.18.0
 DISTNAME=      nginx-${VERSION}
@@ -25,6 +26,7 @@ REVISION-main=        0
 REVISION-xslt= 0
 
 VERSION-rtmp=  1.2.1
+VERSION-modsecurity3=  1.0.1
 
 PKGNAME-main=          ${DISTNAME}
 PKGNAME-image_filter=  nginx-image_filter-${VERSION}
@@ -40,6 +42,7 @@ PKGNAME-perl=         nginx-perl-${VERSION}
 PKGNAME-passenger=     nginx-passenger-${VERSION}
 PKGNAME-rtmp=          nginx-rtmp-${VERSION}
 PKGNAME-securelink=    nginx-securelink-${VERSION}
+PKGNAME-modsecurity3=  nginx-modsecurity3-${VERSION}
 
 ONLY_FOR_ARCHS-passenger= aarch64 amd64 arm i386
 
@@ -57,7 +60,8 @@ _GH_MODS=     \
        arut            nginx-rtmp-module               v${VERSION-rtmp} \
        simpl           ngx_devel_kit                   v0.3.0 \
        leev            ngx_http_geoip2_module          3.3 \
-       nginx-modules   ngx_http_hmac_secure_link_module 
48c4625fbbf51ed5a95bfec23fa444f6c3702e50
+       nginx-modules   ngx_http_hmac_secure_link_module 
48c4625fbbf51ed5a95bfec23fa444f6c3702e50 \
+       SpiderLabs      ModSecurity-nginx               v${VERSION-modsecurity3}
 
 .for _a _p _c in ${_GH_MODS}
 DISTFILES+=    ${_p}-{${_a}/${_p}/archive/}${_c}.tar.gz:0
@@ -74,10 +78,10 @@ MULTI_PACKAGES =    -main -naxsi -perl ${MO
 
 MODULE_PACKAGES =      -image_filter -geoip2 -xslt -mailproxy -stream \
                        -passenger -headers_more -ldap_auth -lua -rtmp \
-                       -securelink
+                       -securelink -modsecurity3
 
 FLAVOR ?=
-PSEUDO_FLAVORS =       no_lua no_passenger
+PSEUDO_FLAVORS =       no_lua no_passenger no_modsecurity3
 
 COMPILER =             base-clang ports-gcc base-gcc
 
@@ -97,6 +101,7 @@ WANTLIB-headers_more=
 WANTLIB-perl=          c m perl
 WANTLIB-passenger=     m pthread ${COMPILER_LIBCXX}
 WANTLIB-securelink=    crypto
+WANTLIB-modsecurity3=  modsecurity
 
 LIB_DEPENDS-main=      devel/pcre
 LIB_DEPENDS-xslt=      textproc/libxml \
@@ -107,6 +112,7 @@ LIB_DEPENDS-ldap_auth=      databases/openlda
 LIB_DEPENDS-lua=       ${MODLUA_LIB_DEPENDS}
 LIB_DEPENDS-rtmp=
 LIB_DEPENDS-securelink=
+LIB_DEPENDS-modsecurity3=      security/libmodsecurity
 
 MODLUA_RUNDEP=         No
 RUN_DEPENDS=           www/nginx,-main=${VERSION}
@@ -154,6 +160,12 @@ CONFIGURE_ARGS+=   --add-dynamic-module=${
 CONFIGURE_ARGS+=       
--add-dynamic-module=${WRKDIR}/nginx-rtmp-module-${VERSION-rtmp}/
 .endif
 
+.if ${BUILD_PACKAGES:M-modsecurity3}
+CONFIGURE_ENV+=                MODSECURITY_LIB=${PREFIX}/lib \
+                       MODSECURITY_INC=${PREFIX}/include/modsecurity
+CONFIGURE_ARGS+=       --add-dynamic-module=${WRKSRC}/ModSecurity-nginx
+.endif
+
 CONFIGURE_ARGS+=       --prefix=${NGINX_DIR} \
                        --conf-path=${SYSCONFDIR}/nginx/nginx.conf \
                        --sbin-path=${PREFIX}/sbin/nginx \
@@ -198,7 +210,7 @@ ALL_TARGET=
 pre-patch:
 .for i in headers-more-nginx-module lua-nginx-module naxsi \
        nginx-auth-ldap ngx_devel_kit ngx_http_geoip2_module \
-       ngx_http_hmac_secure_link_module
+       ngx_http_hmac_secure_link_module ModSecurity-nginx
        cd ${WRKSRC} && mv ../$i-* $i
 .endfor
 
Index: www/nginx/distinfo
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/distinfo,v
retrieving revision 1.75
diff -u -p -u -r1.75 distinfo
--- www/nginx/distinfo  27 Jul 2020 14:33:15 -0000      1.75
+++ www/nginx/distinfo  24 Aug 2020 11:08:44 -0000
@@ -1,3 +1,4 @@
+SHA256 (ModSecurity-nginx-v1.0.1.tar.gz) = 
yWmnhlm7R8hJKd4LmtwfjFEqUeyd07Fiy1aK4ijT1Z4=
 SHA256 (headers-more-nginx-module-v0.33.tar.gz) = 
o9y6sRepwQO8HqUgD8AKe30q+X/3/VJfFvisJjLjD78=
 SHA256 (lua-nginx-module-v0.10.11.tar.gz) = 
wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
 SHA256 (naxsi-0.55.3.tar.gz) = CzyV0lB3Lcia2LSeR8HgJMWuLHbAz/pEXp/gXE3RNJU=
@@ -8,6 +9,7 @@ SHA256 (nginx-rtmp-module-v1.2.1.tar.gz)
 SHA256 (ngx_devel_kit-v0.3.0.tar.gz) = 
iOBamainQZBm9a51lm+x78QJutRSLRSYbaB0VUrmFhk=
 SHA256 (ngx_http_geoip2_module-3.3.tar.gz) = 
QTeEOMgz4xOhiGnQxKcnBLSDXDCsr3/WgBOrZzL/eKc=
 SHA256 
(ngx_http_hmac_secure_link_module-48c4625fbbf51ed5a95bfec23fa444f6c3702e50.tar.gz)
 = ZXpA2rODS1enIREzlD1OqWwpWcv3NOUXH4eUOgOAmqg=
+SIZE (ModSecurity-nginx-v1.0.1.tar.gz) = 31920
 SIZE (headers-more-nginx-module-v0.33.tar.gz) = 28130
 SIZE (lua-nginx-module-v0.10.11.tar.gz) = 616653
 SIZE (naxsi-0.55.3.tar.gz) = 187416

Reply via email to