From patchwork Mon Jan 20 12:33:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Frank Vanbever X-Patchwork-Id: 1225920 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=essensium.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=PcV6mHog; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 481WMk0Xq4z9s1x for ; Mon, 20 Jan 2020 23:34:56 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id E29C48557E; Mon, 20 Jan 2020 12:34:53 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MQvU3Fhwwpu4; Mon, 20 Jan 2020 12:34:22 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 5904380CEA; Mon, 20 Jan 2020 12:34:22 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 553EC1BF326 for ; Mon, 20 Jan 2020 12:34:07 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 5187A813F7 for ; Mon, 20 Jan 2020 12:34:07 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gaFEdynGfLEm for ; Mon, 20 Jan 2020 12:34:01 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by whitealder.osuosl.org (Postfix) with ESMTPS id 1A2C6813FB for ; Mon, 20 Jan 2020 12:34:01 +0000 (UTC) Received: by mail-wm1-f47.google.com with SMTP id 20so14531971wmj.4 for ; Mon, 20 Jan 2020 04:34:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PLX2uQLrqJILtYf/uXCi0kzVHpp4wQG5fIkPdJ7KAKg=; b=PcV6mHog9ab84ypU6AW11RoyeJYQaiU1CBNvAXEB7L0ywp9LjIYZf6fW5D0jt059Oa AlX/nWSn3JrV0VGchwlEIVzXCtDL0qUDlMNCm8F2U45XWSua6OqRtfEZC8Ksu7rBwjVQ X800wBnP2+CcC4Jtz/xgdfgQdWE5MA/rUv+aijUKX6bjg6Kf3vsaxY6Kp/i5MMXiHu+J PmEcAO9GyLONCDa59WLg+2UrS/5WUipFcBFIdclK3alKoLaaLk33xN+nciJQs9INjp36 xtjIq56Q2O/301ETV498dZSmm0IA754Mq//6tQVbk7Xiitsz4tI/1vpQmUfzNDChQLXk bMYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PLX2uQLrqJILtYf/uXCi0kzVHpp4wQG5fIkPdJ7KAKg=; b=tBlnoHUkglHFmdm4Zf0NJf0LH//hypkF0ydvJPUMOfGPI7+q/IWAc5ElLLP6ERkSVc 0Z3/XJQfm6p6pqlqG14ZPG+rRLBZwc1BMdCJqMKscZKlMQ/oFpmedLQwOYe5J+2MFl9M HsQKKuJDgcWzP5CeB0XnEJ66/7NbLIfDDtUj5fV1JI98NIIc4JUiFyO8Y095Saez8OPe 9eQZm+Ieqb/KtQTOGB/lEAM76qQV2H/LMhte4xN/IO/z6OCL2nHa/kKl+Xgrc+Hn0M6P 3qbMgtRi/3viNxUb2NtEuipEQhZwBL+c2MABzrhDDNFBLq2ZsdVcYk/Zw3Oqdq/Isjma XuZg== X-Gm-Message-State: APjAAAWcqoPcEcj0B6c0h82HZSg59DRfRbYcC/92qiaZY5d3qUVUqurh hC+/h76fntV6sefKsP2kppLFFg7g9CKm5g== X-Google-Smtp-Source: APXvYqx8WGU3kkYKD5zPEYDvffStKm6Zfn4h4JEYF8ypgC25ONWnpUoV5R9X/g5QPnjLf7LPIYs66Q== X-Received: by 2002:a05:600c:145:: with SMTP id w5mr18058063wmm.157.1579523639330; Mon, 20 Jan 2020 04:33:59 -0800 (PST) Received: from wintermute.local.ess-mail.com (ip-188-118-3-185.reverse.destiny.be. [188.118.3.185]) by smtp.gmail.com with ESMTPSA id z6sm47510520wrw.36.2020.01.20.04.33.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 20 Jan 2020 04:33:58 -0800 (PST) From: Frank Vanbever To: buildroot@buildroot.org Date: Mon, 20 Jan 2020 13:33:10 +0100 Message-Id: <20200120123310.29892-2-frank.vanbever@essensium.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200120123310.29892-1-frank.vanbever@essensium.com> References: <20200110140017.15045-1-frank.vanbever@essensium.com> <20200120123310.29892-1-frank.vanbever@essensium.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH v2 2/2] nginx-modsecurity: new package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Frank Vanbever , Samuel Martin Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This commit adds the modsecurity-nginx nginx module. The name of the package diverges slightly from upstream to maintain consistency with other nginx modules already present. --- Changes v1 -> v2: - Put menu entry in correct alphabetic position - Add dependencies inherited from libmodsecurity Signed-off-by: Frank Vanbever --- DEVELOPERS | 1 + package/Config.in | 1 + package/nginx-modsecurity/Config.in | 15 +++++++++++++++ package/nginx-modsecurity/nginx-modsecurity.hash | 4 ++++ package/nginx-modsecurity/nginx-modsecurity.mk | 14 ++++++++++++++ package/nginx/nginx.mk | 5 +++++ 6 files changed, 40 insertions(+) create mode 100644 package/nginx-modsecurity/Config.in create mode 100644 package/nginx-modsecurity/nginx-modsecurity.hash create mode 100644 package/nginx-modsecurity/nginx-modsecurity.mk diff --git a/DEVELOPERS b/DEVELOPERS index e1546cf072..4af485f199 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -957,6 +957,7 @@ F: package/zxing-cpp/ N: Frank Vanbever F: package/libmodsecurity/ +F: package/nginx-modsecurity/ N: Gaƫl Portay F: package/qt5/qt5virtualkeyboard/ diff --git a/package/Config.in b/package/Config.in index 1540871dcc..714402fd5f 100644 --- a/package/Config.in +++ b/package/Config.in @@ -2076,6 +2076,7 @@ menu "Networking applications" if BR2_PACKAGE_NGINX menu "External nginx modules" source "package/nginx-dav-ext/Config.in" + source "package/nginx-modsecurity/Config.in" source "package/nginx-naxsi/Config.in" source "package/nginx-upload/Config.in" endmenu diff --git a/package/nginx-modsecurity/Config.in b/package/nginx-modsecurity/Config.in new file mode 100644 index 0000000000..68f6a81045 --- /dev/null +++ b/package/nginx-modsecurity/Config.in @@ -0,0 +1,15 @@ +config BR2_PACKAGE_NGINX_MODSECURITY + bool "nginx-modsecurity" + depends on BR2_INSTALL_LIBSTDCPP # libmodsecurity + depends on !BR2_STATIC_LIBS # libmodsecurity + select BR2_PACKAGE_PCRE # libmodsecurity + select BR2_PACKAGE_LIBMODSECURITY + help + The ModSecurity-nginx connector is the connection + point between nginx and libmodsecurity + (ModSecurity v3). + + https://github.com/SpiderLabs/ModSecurity-nginx + +comment "nginx-modsecurity needs a toolchain w/ C++, dynamic library" + depends on !BR2_INSTALL_LIBSTDCPP || BR2_STATIC_LIBS diff --git a/package/nginx-modsecurity/nginx-modsecurity.hash b/package/nginx-modsecurity/nginx-modsecurity.hash new file mode 100644 index 0000000000..d2dd266ac1 --- /dev/null +++ b/package/nginx-modsecurity/nginx-modsecurity.hash @@ -0,0 +1,4 @@ +# From https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v1.0.1/modsecurity-nginx-v1.0.1.tar.gz.sha256 +sha256 def45a8db5bc9da14765eda75363457209a86c89538ccf5bfbd3aa02fa10833c modsecurity-nginx-v1.0.1.tar.gz +# Localy calculated +sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE diff --git a/package/nginx-modsecurity/nginx-modsecurity.mk b/package/nginx-modsecurity/nginx-modsecurity.mk new file mode 100644 index 0000000000..6d33403d66 --- /dev/null +++ b/package/nginx-modsecurity/nginx-modsecurity.mk @@ -0,0 +1,14 @@ +################################################################################ +# +# nginx-modsecurity +# +################################################################################ + +NGINX_MODSECURITY_VERSION = 1.0.1 +NGINX_MODSECURITY_SOURCE = modsecurity-nginx-v$(NGINX_MODSECURITY_VERSION).tar.gz +NGINX_MODSECURITY_SITE = https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v$(NGINX_MODSECURITY_VERSION) +NGINX_MODSECURITY_LICENSE = Apache-2.0 +NGINX_MODSECURITY_LICENSE_FILES = LICENSE +NGINX_MODSECURITY_DEPENDENCIES = libmodsecurity + +$(eval $(generic-package)) diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk index f895b78779..a9eac57adc 100644 --- a/package/nginx/nginx.mk +++ b/package/nginx/nginx.mk @@ -250,6 +250,11 @@ NGINX_DEPENDENCIES += nginx-naxsi NGINX_CONF_OPTS += --add-module=$(NGINX_NAXSI_DIR)/naxsi_src endif +ifeq ($(BR2_PACKAGE_NGINX_MODSECURITY),y) +NGINX_DEPENDENCIES += nginx-modsecurity +NGINX_CONF_OPTS += --add-module=$(NGINX_MODSECURITY_DIR) +endif + # Debug logging NGINX_CONF_OPTS += $(if $(BR2_PACKAGE_NGINX_DEBUG),--with-debug)