From patchwork Thu Jan 30 09:56:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Frank Vanbever X-Patchwork-Id: 1231349 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=essensium.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=NqZVjGGO; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 487bNl6P0dz9s1x for ; Thu, 30 Jan 2020 20:56:55 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id EF26B864AA; Thu, 30 Jan 2020 09:56:51 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfizOht8HBFK; Thu, 30 Jan 2020 09:56:49 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 08CC686444; Thu, 30 Jan 2020 09:56:49 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 959631BF44C for ; Thu, 30 Jan 2020 09:56:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 91EBF22660 for ; Thu, 30 Jan 2020 09:56:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bK82awTD3V-G for ; Thu, 30 Jan 2020 09:56:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) by silver.osuosl.org (Postfix) with ESMTPS id 44436220D0 for ; Thu, 30 Jan 2020 09:56:45 +0000 (UTC) Received: by mail-wr1-f65.google.com with SMTP id z7so3165935wrl.13 for ; Thu, 30 Jan 2020 01:56:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6gf01Hov16yjxQvOXCmrgxTLoinkE0UUXLQ7oRxJJU8=; b=NqZVjGGO2La9dl2LfoFG/sXtCRnWULf2WRUjhXoOloiWCjgBx34+5zQQzPS0L55ksB F4BYpV8gqjnWeeDpln+oED/o/zvjxuNx1FJ/oCKBFvHmL90xeoN8XpP8rwcVJuTnQ/n7 Q1edBbdG4shEDz7vA8HCYY5wvhZWexETpkkRVmpt20m9mdMIY7lTGSWO48GUJJW0nkP5 cY189aFFmhZbyf9Ugbp3i6chsKLVboPUB9MvGKnkXyx5NqcuXPvti2ICiRJLVJFyl/VN dYEDPuMj2+K0iE9WW6iysDc5hDngbBlIw5AdDZ/YiWOJp4VihVy7TuoYcxSdaJvJMrb6 V+Rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6gf01Hov16yjxQvOXCmrgxTLoinkE0UUXLQ7oRxJJU8=; b=f/h55xtDotk8cbeFnt6CqoWumzu3RhfeWAjMrGtvRX/0cScqheSKJ71pKlAwF9OVlV zNO2x+TTa/sClXqNdHxwIsmlK/CfwgQoy+IfZceQs8pihR7vV+FJuIduSfCS6sS9VXGU ZcF+mW+K8S5dLn+OXZVBssV9sgFlvu65Fgt3zQqV9wjkUkoh3PpImUDgxRQnLhEqkhpX 29EXFk5lhMLvHXrlwRnP7sUTu1jVKkBTCQ/ETJRj6tul9KzWmJCEx0bSUwBshoj+58RY 29yXcmheB/JUME17bRSXeVO7hFLMAo1IfwzXZyzHKgc6sLzRHYuG6aAntdU60Gi4OxyW eeyg== X-Gm-Message-State: APjAAAXu8OwJ2jRHBGuQxox5L2LquAr9bFFfOuqnZsoqGX+OSmwVq82y ygG7wn3siE885X/fyOobW9JvwWGyxq/iaQ== X-Google-Smtp-Source: APXvYqzVR2OHUjvjdQyYtkN3hyLwOpljx2XN0T4bqGC91081mIZq+AjtnomHYt89lEdyH6PThfjjRQ== X-Received: by 2002:adf:f1cb:: with SMTP id z11mr4297806wro.375.1580378202955; Thu, 30 Jan 2020 01:56:42 -0800 (PST) Received: from localhost.localdomain (ip-188-118-3-185.reverse.destiny.be. [188.118.3.185]) by smtp.gmail.com with ESMTPSA id 5sm2529739wrc.75.2020.01.30.01.56.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Jan 2020 01:56:42 -0800 (PST) From: Frank Vanbever To: buildroot@buildroot.org Date: Thu, 30 Jan 2020 10:56:28 +0100 Message-Id: <20200130095629.18339-1-frank.vanbever@essensium.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200120123310.29892-1-frank.vanbever@essensium.com> References: <20200120123310.29892-1-frank.vanbever@essensium.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH v3 1/2] package/libmodsecurity: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Frank Vanbever , Samuel Martin Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" The dependency on !BR2_STATIC_LIBS is due to missing Libs.private in the libmodconfig pkg-config file making builds that statically link against libmodsecurity fail. Lua is disabled due to using the host libraries. Yajl is disabled as enabling it forces the tests to be built. These tests have a hard dependency on libmodsecurity.a which is not built when --disable-static is used in the configuration. There is no flag to disable these tests. Signed-off-by: Frank Vanbever --- Changes v2 -> v3: nothing Changes v1 -> v2: - bump version to 3.0.4 - fix URL - Move menu entry to Libraries/Networking - Add reconf comment - Coding style fixes - cleaned up CONF_OPTS - Add explicit C++ & static dependency - Explicitly disabled unavailable dependencies - Explicitly disabled Yajl and Lua - Cleaned up dependencies Signed-off-by: Frank Vanbever --- DEVELOPERS | 3 + package/Config.in | 1 + ...-CANONICAL_HOST-cannot-be-determined.patch | 31 +++++++++++ ...test-for-uClinux-in-configure-script.patch | 28 ++++++++++ package/libmodsecurity/Config.in | 19 +++++++ package/libmodsecurity/libmodsecurity.hash | 4 ++ package/libmodsecurity/libmodsecurity.mk | 55 +++++++++++++++++++ 7 files changed, 141 insertions(+) create mode 100644 package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch create mode 100644 package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch create mode 100644 package/libmodsecurity/Config.in create mode 100644 package/libmodsecurity/libmodsecurity.hash create mode 100644 package/libmodsecurity/libmodsecurity.mk diff --git a/DEVELOPERS b/DEVELOPERS index d5f7bdb8f7..513afd32e5 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -955,6 +955,9 @@ F: package/ucl/ F: package/upx/ F: package/zxing-cpp/ +N: Frank Vanbever +F: package/libmodsecurity/ + N: Gaël Portay F: package/qt5/qt5virtualkeyboard/ F: package/qt5/qt5webengine/ diff --git a/package/Config.in b/package/Config.in index db35848fed..c4e89d3ff3 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1657,6 +1657,7 @@ menu "Networking" source "package/libminiupnpc/Config.in" source "package/libmnl/Config.in" source "package/libmodbus/Config.in" + source "package/libmodsecurity/Config.in" source "package/libnatpmp/Config.in" source "package/libndp/Config.in" source "package/libnet/Config.in" diff --git a/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch new file mode 100644 index 0000000000..ab00a14e2a --- /dev/null +++ b/package/libmodsecurity/0001-Fail-when-CANONICAL_HOST-cannot-be-determined.patch @@ -0,0 +1,31 @@ +From 0832208360aab69fbaec76225db67801840a33fe Mon Sep 17 00:00:00 2001 +From: Frank Vanbever +Date: Fri, 10 Jan 2020 11:14:43 +0100 +Subject: [PATCH] Fail when CANONICAL_HOST cannot be determined + +When the CANONICAL_HOST is unknown the configure script exits +with exit code 0 even though no makefile was produced. + +Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235 + +Signed-off-by: Frank Vanbever +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 95e48843..5e6971f4 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -193,7 +193,7 @@ case $host in + ;; + *) + echo "Unknown CANONICAL_HOST $host" +- exit ++ exit 1 + ;; + esac + +-- +2.20.1 + diff --git a/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch new file mode 100644 index 0000000000..ccd96fea95 --- /dev/null +++ b/package/libmodsecurity/0002-test-for-uClinux-in-configure-script.patch @@ -0,0 +1,28 @@ +From 13c505e30474c919ed9ae552e459769c456da21e Mon Sep 17 00:00:00 2001 +From: Frank Vanbever +Date: Fri, 10 Jan 2020 11:24:43 +0100 +Subject: [PATCH] test for uClinux in configure script + +Upstream: https://github.com/SpiderLabs/ModSecurity/pull/2235 + +Signed-off-by: Frank Vanbever +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 5e6971f4..51d38071 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -156,7 +156,7 @@ case $host in + AC_DEFINE([MACOSX], [1], [Define if the operating system is Macintosh OSX]) + PLATFORM="MacOSX" + ;; +- *-*-linux*) ++ *-*-linux* | *-*uclinux*) + echo "Checking platform... Identified as Linux" + AC_DEFINE([LINUX], [1], [Define if the operating system is LINUX]) + PLATFORM="Linux" +-- +2.20.1 + diff --git a/package/libmodsecurity/Config.in b/package/libmodsecurity/Config.in new file mode 100644 index 0000000000..129881b0de --- /dev/null +++ b/package/libmodsecurity/Config.in @@ -0,0 +1,19 @@ +config BR2_PACKAGE_LIBMODSECURITY + bool "libmodsecurity" + depends on BR2_INSTALL_LIBSTDCPP + depends on !BR2_STATIC_LIBS + select BR2_PACKAGE_PCRE + help + Libmodsecurity is one component of the ModSecurity + v3 project. The library codebase serves as an + interface to ModSecurity Connectors taking in web + traffic and applying traditional ModSecurity + processing. In general, it provides the capability + to load/interpret rules written in the ModSecurity + SecRules format and apply them to HTTP content + provided by your application via Connectors. + + https://github.com/SpiderLabs/ModSecurity + +comment "libmodsecurity needs a toolchain w/ C++, dynamic library" + depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS diff --git a/package/libmodsecurity/libmodsecurity.hash b/package/libmodsecurity/libmodsecurity.hash new file mode 100644 index 0000000000..ddce3ef9c6 --- /dev/null +++ b/package/libmodsecurity/libmodsecurity.hash @@ -0,0 +1,4 @@ +# From https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.4/modsecurity-v3.0.4.tar.gz.sha256 +sha256 b4231177dd80b4e076b228e57d498670113b69d445bab86db25f65346c24db22 modsecurity-v3.0.4.tar.gz +# Localy calculated +sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE diff --git a/package/libmodsecurity/libmodsecurity.mk b/package/libmodsecurity/libmodsecurity.mk new file mode 100644 index 0000000000..c32bfb4b3c --- /dev/null +++ b/package/libmodsecurity/libmodsecurity.mk @@ -0,0 +1,55 @@ +################################################################################ +# +# libmodsecurity +# +################################################################################ + +LIBMODSECURITY_VERSION = 3.0.4 +LIBMODSECURITY_SOURCE = modsecurity-v$(LIBMODSECURITY_VERSION).tar.gz +LIBMODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity/releases/download/v$(LIBMODSECURITY_VERSION) +LIBMODSECURITY_INSTALL_STAGING = YES +LIBMODSECURITY_LICENSE = Apache-2.0 +LIBMODSECURITY_LICENSE_FILES = LICENSE +# 0002-test-for-uClinux-in-configure-script.patch +LIBMODSECURITY_AUTORECONF = YES +# libinjection uses AC_CHECK_FILE, not available in cross-compile +LIBMODSECURITY_CONF_ENV = \ + ac_cv_file_others_libinjection_src_libinjection_html5_c=yes + +LIBMODSECURITY_DEPENDENCIES = pcre +LIBMODSECURITY_CONF_OPTS = \ + --disable-examples \ + --without-lmdb \ + --without-ssdeep \ + --without-lua \ + --without-yajl + +ifeq ($(BR2_PACKAGE_LIBXML2),y) +LIBMODSECURITY_DEPENDENCIES += libxml2 +LIBMODSECURITY_CONF_OPTS += --with-libxml="$(STAGING_DIR)/usr/bin/xml2-config" +else +LIBMODSECURITY_CONF_OPTS += --without-libxml +endif + +ifeq ($(BR2_PACKAGE_LIBCURL),y) +LIBMODSECURITY_DEPENDENCIES += libcurl +LIBMODSECURITY_CONF_OPTS += --with-curl="$(STAGING_DIR)/usr/bin/curl-config" +else +LIBMODSECURITY_CONF_OPTS += --without-curl +endif + +ifeq ($(BR2_PACKAGE_GEOIP),y) +LIBMODSECURITY_DEPENDENCIES += geoip +LIBMODSECURITY_CONF_OPTS += --with-geoip +else +LIBMODSECURITY_CONF_OPTS += --without-geoip +endif + +ifeq ($(BR2_PACKAGE_LIBMAXMINDDB),y) +LIBMODSECURITY_DEPENDENCIES += libmaxminddb +LIBMODSECURITY_CONF_OPTS += --with-maxmind +else +LIBMODSECURITY_CONF_OPTS += --without-maxmind +endif + +$(eval $(autotools-package)) From patchwork Mon Jan 20 12:33:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Frank Vanbever X-Patchwork-Id: 1225920 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=essensium.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=PcV6mHog; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481WMk0Xq4z9s1x for ; Mon, 20 Jan 2020 23:34:56 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id E29C48557E; Mon, 20 Jan 2020 12:34:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQvU3Fhwwpu4; Mon, 20 Jan 2020 12:34:22 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 5904380CEA; Mon, 20 Jan 2020 12:34:22 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 553EC1BF326 for ; Mon, 20 Jan 2020 12:34:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 5187A813F7 for ; Mon, 20 Jan 2020 12:34:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gaFEdynGfLEm for ; Mon, 20 Jan 2020 12:34:01 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by whitealder.osuosl.org (Postfix) with ESMTPS id 1A2C6813FB for ; Mon, 20 Jan 2020 12:34:01 +0000 (UTC) Received: by mail-wm1-f47.google.com with SMTP id 20so14531971wmj.4 for ; Mon, 20 Jan 2020 04:34:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PLX2uQLrqJILtYf/uXCi0kzVHpp4wQG5fIkPdJ7KAKg=; b=PcV6mHog9ab84ypU6AW11RoyeJYQaiU1CBNvAXEB7L0ywp9LjIYZf6fW5D0jt059Oa AlX/nWSn3JrV0VGchwlEIVzXCtDL0qUDlMNCm8F2U45XWSua6OqRtfEZC8Ksu7rBwjVQ X800wBnP2+CcC4Jtz/xgdfgQdWE5MA/rUv+aijUKX6bjg6Kf3vsaxY6Kp/i5MMXiHu+J PmEcAO9GyLONCDa59WLg+2UrS/5WUipFcBFIdclK3alKoLaaLk33xN+nciJQs9INjp36 xtjIq56Q2O/301ETV498dZSmm0IA754Mq//6tQVbk7Xiitsz4tI/1vpQmUfzNDChQLXk bMYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PLX2uQLrqJILtYf/uXCi0kzVHpp4wQG5fIkPdJ7KAKg=; b=tBlnoHUkglHFmdm4Zf0NJf0LH//hypkF0ydvJPUMOfGPI7+q/IWAc5ElLLP6ERkSVc 0Z3/XJQfm6p6pqlqG14ZPG+rRLBZwc1BMdCJqMKscZKlMQ/oFpmedLQwOYe5J+2MFl9M HsQKKuJDgcWzP5CeB0XnEJ66/7NbLIfDDtUj5fV1JI98NIIc4JUiFyO8Y095Saez8OPe 9eQZm+Ieqb/KtQTOGB/lEAM76qQV2H/LMhte4xN/IO/z6OCL2nHa/kKl+Xgrc+Hn0M6P 3qbMgtRi/3viNxUb2NtEuipEQhZwBL+c2MABzrhDDNFBLq2ZsdVcYk/Zw3Oqdq/Isjma XuZg== X-Gm-Message-State: APjAAAWcqoPcEcj0B6c0h82HZSg59DRfRbYcC/92qiaZY5d3qUVUqurh hC+/h76fntV6sefKsP2kppLFFg7g9CKm5g== X-Google-Smtp-Source: APXvYqx8WGU3kkYKD5zPEYDvffStKm6Zfn4h4JEYF8ypgC25ONWnpUoV5R9X/g5QPnjLf7LPIYs66Q== X-Received: by 2002:a05:600c:145:: with SMTP id w5mr18058063wmm.157.1579523639330; Mon, 20 Jan 2020 04:33:59 -0800 (PST) Received: from wintermute.local.ess-mail.com (ip-188-118-3-185.reverse.destiny.be. [188.118.3.185]) by smtp.gmail.com with ESMTPSA id z6sm47510520wrw.36.2020.01.20.04.33.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jan 2020 04:33:58 -0800 (PST) From: Frank Vanbever To: buildroot@buildroot.org Date: Mon, 20 Jan 2020 13:33:10 +0100 Message-Id: <20200120123310.29892-2-frank.vanbever@essensium.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200120123310.29892-1-frank.vanbever@essensium.com> References: <20200110140017.15045-1-frank.vanbever@essensium.com> <20200120123310.29892-1-frank.vanbever@essensium.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH v2 2/2] nginx-modsecurity: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Frank Vanbever , Samuel Martin Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This commit adds the modsecurity-nginx nginx module. The name of the package diverges slightly from upstream to maintain consistency with other nginx modules already present. --- Changes v1 -> v2: - Put menu entry in correct alphabetic position - Add dependencies inherited from libmodsecurity Signed-off-by: Frank Vanbever --- DEVELOPERS | 1 + package/Config.in | 1 + package/nginx-modsecurity/Config.in | 15 +++++++++++++++ package/nginx-modsecurity/nginx-modsecurity.hash | 4 ++++ package/nginx-modsecurity/nginx-modsecurity.mk | 14 ++++++++++++++ package/nginx/nginx.mk | 5 +++++ 6 files changed, 40 insertions(+) create mode 100644 package/nginx-modsecurity/Config.in create mode 100644 package/nginx-modsecurity/nginx-modsecurity.hash create mode 100644 package/nginx-modsecurity/nginx-modsecurity.mk diff --git a/DEVELOPERS b/DEVELOPERS index e1546cf072..4af485f199 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -957,6 +957,7 @@ F: package/zxing-cpp/ N: Frank Vanbever F: package/libmodsecurity/ +F: package/nginx-modsecurity/ N: Gaël Portay F: package/qt5/qt5virtualkeyboard/ diff --git a/package/Config.in b/package/Config.in index 1540871dcc..714402fd5f 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2076,6 +2076,7 @@ menu "Networking applications" if BR2_PACKAGE_NGINX menu "External nginx modules" source "package/nginx-dav-ext/Config.in" + source "package/nginx-modsecurity/Config.in" source "package/nginx-naxsi/Config.in" source "package/nginx-upload/Config.in" endmenu diff --git a/package/nginx-modsecurity/Config.in b/package/nginx-modsecurity/Config.in new file mode 100644 index 0000000000..68f6a81045 --- /dev/null +++ b/package/nginx-modsecurity/Config.in @@ -0,0 +1,15 @@ +config BR2_PACKAGE_NGINX_MODSECURITY + bool "nginx-modsecurity" + depends on BR2_INSTALL_LIBSTDCPP # libmodsecurity + depends on !BR2_STATIC_LIBS # libmodsecurity + select BR2_PACKAGE_PCRE # libmodsecurity + select BR2_PACKAGE_LIBMODSECURITY + help + The ModSecurity-nginx connector is the connection + point between nginx and libmodsecurity + (ModSecurity v3). + + https://github.com/SpiderLabs/ModSecurity-nginx + +comment "nginx-modsecurity needs a toolchain w/ C++, dynamic library" + depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS diff --git a/package/nginx-modsecurity/nginx-modsecurity.hash b/package/nginx-modsecurity/nginx-modsecurity.hash new file mode 100644 index 0000000000..d2dd266ac1 --- /dev/null +++ b/package/nginx-modsecurity/nginx-modsecurity.hash @@ -0,0 +1,4 @@ +# From https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v1.0.1/modsecurity-nginx-v1.0.1.tar.gz.sha256 +sha256 def45a8db5bc9da14765eda75363457209a86c89538ccf5bfbd3aa02fa10833c modsecurity-nginx-v1.0.1.tar.gz +# Localy calculated +sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE diff --git a/package/nginx-modsecurity/nginx-modsecurity.mk b/package/nginx-modsecurity/nginx-modsecurity.mk new file mode 100644 index 0000000000..6d33403d66 --- /dev/null +++ b/package/nginx-modsecurity/nginx-modsecurity.mk @@ -0,0 +1,14 @@ +################################################################################ +# +# nginx-modsecurity +# +################################################################################ + +NGINX_MODSECURITY_VERSION = 1.0.1 +NGINX_MODSECURITY_SOURCE = modsecurity-nginx-v$(NGINX_MODSECURITY_VERSION).tar.gz +NGINX_MODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v$(NGINX_MODSECURITY_VERSION) +NGINX_MODSECURITY_LICENSE = Apache-2.0 +NGINX_MODSECURITY_LICENSE_FILES = LICENSE +NGINX_MODSECURITY_DEPENDENCIES = libmodsecurity + +$(eval $(generic-package)) diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk index f895b78779..a9eac57adc 100644 --- a/package/nginx/nginx.mk +++ b/package/nginx/nginx.mk @@ -250,6 +250,11 @@ NGINX_DEPENDENCIES += nginx-naxsi NGINX_CONF_OPTS += --add-module=$(NGINX_NAXSI_DIR)/naxsi_src endif +ifeq ($(BR2_PACKAGE_NGINX_MODSECURITY),y) +NGINX_DEPENDENCIES += nginx-modsecurity +NGINX_CONF_OPTS += --add-module=$(NGINX_MODSECURITY_DIR) +endif + # Debug logging NGINX_CONF_OPTS += $(if $(BR2_PACKAGE_NGINX_DEBUG),--with-debug)