On 21.01.2025 - 20:10:23, Stuart Henderson wrote: > On 2025/01/21 09:26, Matthias Pitzl wrote: > > On 20.01.2025 - 20:53:24, Kirill A. Korinsky wrote: > > > On Mon, 20 Jan 2025 09:42:21 +0100, > > > Matthias Pitzl <[email protected]> wrote: > > > > > > > > @@ -65,6 +68,7 @@ HOMEPAGE-geoip2= https://github.com/leev > > > > HOMEPAGE-headers_more= > > > > https://github.com/openresty/headers-more-nginx-module > > > > HOMEPAGE-ldap_auth= https://github.com/kvspb/nginx-auth-ldap > > > > HOMEPAGE-lua= https://github.com/openresty/lua-nginx-module > > > > +HOMEPAGE-modsecurity3= > > > > https://github.com/owasp-modsecurity/ModSecurity-nginx > > > > > > I'd like to add my two cents: > > > 1. ModSecurity is under Apache2, shall we update comment near > > > PERMIT_PACKAGE? > > good point, > > > I don't really know if this is required. The already existing naxsi module > > is > > under GPLv3, so why would it be a problem that ModSecurity3 is under Apache2 > > license? > > it's for information for users reading ports, and gives a clue to > maintainers about whether we're allowed to distribute it. > > looks like this would be correct: > > # nginx, cache_purge, geoip2, headers_more, ldap_auth, njs, rtmp: BSD-like > # passenger: MIT > # securelink: unlicense > # naxsi: GPLv3 > # modsecurity: Apache2 > PERMIT_PACKAGE= Yes > > > > 2. Why modsecurity3? Why not just modsecurity? > > Called it modsecurity3 because it is for libmodsecurity 3.x. > > Libmodsecurity 2.x is an Apache only implementation. > > also a good point, you don't want to have to change FULLPKGPATH if > libmodsecurity 4.x is released. just using -modsecurity in > MULTI_PACKAGES and the variable suffixes would make sense.
Hi!
Added the license comment and changed the name of the subpackage to just
modsecurity as suggested. Here's the updated diff.
Thanks for all your comment!
-- Matthias
Index: Makefile
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/Makefile,v
diff -u -p -r1.184 Makefile
--- Makefile 19 Aug 2024 14:55:56 -0000 1.184
+++ Makefile 22 Jan 2025 07:36:11 -0000
@@ -10,6 +10,7 @@ COMMENT-image_filter= nginx image filter
COMMENT-ldap_auth= nginx LDAP authentication module
COMMENT-lua= nginx lua scripting (lua-nginx-module and ngx_devel_kit)
COMMENT-mailproxy= nginx mail proxy module
+COMMENT-modsecurity= nginx module for ModSecurity
COMMENT-naxsi= nginx web application firewall module
COMMENT-njs= nginx javascript scripting module
COMMENT-passenger= nginx passenger (ruby/python/nodejs) integration module
@@ -31,6 +32,7 @@ PKGNAME-image_filter= nginx-image_filter
PKGNAME-ldap_auth= nginx-ldap_auth-${VERSION}
PKGNAME-lua= nginx-lua-${VERSION}
PKGNAME-mailproxy= nginx-mailproxy-${VERSION}
+PKGNAME-modsecurity= nginx-modsecurity-${VERSION}
PKGNAME-naxsi= nginx-naxsi-${VERSION}
PKGNAME-njs= nginx-njs-${VERSION}
PKGNAME-passenger= nginx-passenger-${VERSION}
@@ -57,6 +59,7 @@ DIST_TUPLE= \
github nginx njs 0.8.4 njs \
github arut nginx-rtmp-module v1.2.2 nginx-rtmp-module \
github nginx-modules ngx_http_hmac_secure_link_module
48c4625fbbf51ed5a95bfec23fa444f6c3702e50 ngx_http_hmac_secure_link_module \
+ github owasp-modsecurity ModSecurity-nginx v1.0.3 ModSecurity-nginx
HOMEPAGE= https://nginx.org/
@@ -65,6 +68,7 @@ HOMEPAGE-geoip2= https://github.com/leev
HOMEPAGE-headers_more= https://github.com/openresty/headers-more-nginx-module
HOMEPAGE-ldap_auth= https://github.com/kvspb/nginx-auth-ldap
HOMEPAGE-lua= https://github.com/openresty/lua-nginx-module
+HOMEPAGE-modsecurity= https://github.com/owasp-modsecurity/ModSecurity-nginx
HOMEPAGE-naxsi= https://github.com/wargio/naxsi
HOMEPAGE-njs= https://github.com/nginx/njs
HOMEPAGE-passenger= https://www.phusionpassenger.com/
@@ -73,18 +77,22 @@ HOMEPAGE-securelink= https://github.com/
MAINTAINER= Robert Nagy <[email protected]>
-# BSD-like
+# nginx, cache_purge, geoip2, headers_more, ldap_auth, njs, rtmp: BSD-like
+# passenger: MIT
+# securelink: unlicensed
+# naxsi: GPLv3
+# modsecurity: Apache2
PERMIT_PACKAGE= Yes
MULTI_PACKAGES = -main -naxsi -perl ${MODULE_PACKAGES}
MODULE_PACKAGES = -cache_purge -geoip2 -headers_more \
-image_filter -ldap_auth -lua -mailproxy \
- -njs -passenger -rtmp -securelink -stream \
- -xslt
+ -modsecurity -njs -passenger -rtmp \
+ -securelink -stream -xslt
FLAVOR ?=
-PSEUDO_FLAVORS = no_lua no_njs no_passenger
+PSEUDO_FLAVORS = no_lua no_modsecurity no_njs no_passenger
COMPILER = base-clang ports-gcc base-gcc
@@ -98,6 +106,7 @@ WANTLIB-image_filter= gd
WANTLIB-ldap_auth= ldap
WANTLIB-lua= ${MODLUA_WANTLIB} m pcre
WANTLIB-mailproxy=
+WANTLIB-modsecurity= modsecurity
WANTLIB-naxsi=
WANTLIB-njs= exslt m xml2 xslt
WANTLIB-passenger= m pthread ${COMPILER_LIBCXX}
@@ -114,6 +123,7 @@ LIB_DEPENDS-image_filter=graphics/gd
LIB_DEPENDS-ldap_auth= databases/openldap
LIB_DEPENDS-lua= ${MODLUA_LIB_DEPENDS} \
devel/pcre
+LIB_DEPENDS-modsecurity= security/libmodsecurity
LIB_DEPENDS-njs= devel/pcre2 \
textproc/libxslt \
textproc/libxml
@@ -155,6 +165,12 @@ MODULES+= lang/lua
CONFIGURE_ENV+= MODLUA_INCL_DIR=${MODLUA_INCL_DIR} \
MODLUA_LIB=${MODLUA_LIB}
CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/lua-nginx-module
+.endif
+
+.if ${BUILD_PACKAGES:M-modsecurity}
+CONFIGURE_ENV+=
MODSECURITY_INC=${LOCALBASE}/include/modsecurity \
+ MODSECURITY_LIB=${LOCALBASE}/lib
+CONFIGURE_ARGS+= --add-dynamic-module=${WRKSRC}/ModSecurity-nginx
.endif
.if ${BUILD_PACKAGES:M-passenger}
Index: distinfo
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/www/nginx/distinfo,v
diff -u -p -r1.88 distinfo
--- distinfo 19 Aug 2024 14:55:56 -0000 1.88
+++ distinfo 13 Jan 2025 10:41:14 -0000
@@ -9,6 +9,7 @@ SHA256 (nginx-modules-ngx_http_hmac_secu
SHA256 (nginx-njs-0.8.4.tar.gz) = /hl+JUIEwV6fHfCs83Wt1XvjQWkB7I17hzGdzLSQ+Q0=
SHA256 (openresty-headers-more-nginx-module-v0.34.tar.gz) =
DA0s7SzolbP0XrKyMM2QUIqyp3MpnxU94UpD5EwSCbM=
SHA256 (openresty-lua-nginx-module-v0.10.11.tar.gz) =
wPuR/P0cbn3sNMpkgm74H/66/e9hdNJURnY284BWZiY=
+SHA256 (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) =
MqQiVmFsxnTcokyGVDlzkK3/FbiIt363TgaH8CPIdRs=
SHA256 (vision5-ngx_devel_kit-v0.3.3.tar.gz) =
+qL81RaLEHZNNQgTVlEdX4TbXFJqGqS2rdLblLaFOys=
SIZE (FRiCKLE-ngx_cache_purge-2.3.tar.gz) = 11717
SIZE (arut-nginx-rtmp-module-v1.2.2.tar.gz) = 519934
@@ -21,4 +22,5 @@ SIZE (nginx-modules-ngx_http_hmac_secure
SIZE (nginx-njs-0.8.4.tar.gz) = 743910
SIZE (openresty-headers-more-nginx-module-v0.34.tar.gz) = 28827
SIZE (openresty-lua-nginx-module-v0.10.11.tar.gz) = 616653
+SIZE (owasp-modsecurity-ModSecurity-nginx-v1.0.3.tar.gz) = 34063
SIZE (vision5-ngx_devel_kit-v0.3.3.tar.gz) = 66561
Index: pkg/DESCR-modsecurity
===================================================================
RCS file: pkg/DESCR-modsecurity
diff -N pkg/DESCR-modsecurity
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/DESCR-modsecurity 17 Jan 2025 08:59:20 -0000
@@ -0,0 +1 @@
+The ModSecurity-nginx module provides a connector for libmodsecurity to nginx.
Index: pkg/PLIST-modsecurity
===================================================================
RCS file: pkg/PLIST-modsecurity
diff -N pkg/PLIST-modsecurity
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/PLIST-modsecurity 17 Jan 2025 08:59:44 -0000
@@ -0,0 +1 @@
+@so ngx_http_modsecurity_module.so
smime.p7s
Description: S/MIME cryptographic signature
