484370 – www-servers/nginx-1.4.1 - add support for >=www-apache/mod_security-2.7.5

Bug 484370 - www-servers/nginx-1.4.1 - add support for >=www-apache/mod_security-2.7.5

Summary: www-servers/nginx-1.4.1 - add support for >=www-apache/mod_security-2.7.5

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal enhancement (vote)
Assignee:	Tiziano Müller (RETIRED)

URL:
Whiteboard:
Keywords:	EBUILD, PATCH

Depends on:
Blocks:

Reported:	2013-09-09 18:08 UTC by Kristaps Kaupe
Modified:	2013-10-05 12:18 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Modified ebuild (nginx-1.4.1-r6.ebuild,20.69 KB, text/plain) 2013-09-09 18:09 UTC, Kristaps Kaupe	Details
Required patch for modsecurity include paths (nginx-1.4.1-modsecurity-include-paths.patch,1018 bytes, patch) 2013-09-09 18:09 UTC, Kristaps Kaupe	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kristaps Kaupe 2013-09-09 18:08:34 UTC

I have modified nginx-1.4.1-r5.ebuild and added optional security http module, which adds modsecurity (http://www.modsecurity.org/) support for nginx in Gentoo. Unfortunatelly, adds www-servers/apache2 as a dependency, when module enabled, because compiling of modsecurity requires some Apache include files. Building tested only on amd64.

Reproducible: Always

Steps to Reproduce:
-


Expected Results:  
-

Comment 1 Kristaps Kaupe 2013-09-09 18:09:10 UTC

Created attachment 358386 [details]
Modified ebuild

Comment 2 Kristaps Kaupe 2013-09-09 18:09:33 UTC

Created attachment 358388 [details, diff]
Required patch for modsecurity include paths

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2013-09-10 14:04:55 UTC

Comment on attachment 358386 [details]
Modified ebuild

--- nginx-1.4.1-r5.ebuild       2013-09-05 20:08:31.733683509 +0200
+++ -   2013-09-10 16:04:39.951833357 +0200
@@ -108,6 +108,11 @@
 HTTP_DAV_EXT_MODULE_URI="http://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz"
 HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}"
 
+HTTP_SECURITY_MODULE_PV="2.7.5"
+HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}"
+HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/2.7.5/modsecurity-apache_${HTTP_SECURITY_MODULE_PV}.tar.gz"
+HTTP_SECURITY_MODULE_WD="${WORKDIR}/modsecurity-apache_${HTTP_SECURITY_MODULE_PV}"
+
 inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator
 
 DESCRIPTION="Robust, small and high performance http and reverse proxy server"
@@ -127,7 +132,8 @@
        nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz )
        nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz )
        rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz )
-       nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )"
+       nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )
+       nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )"
 
 LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+"
 SLOT="0"
@@ -151,7 +157,8 @@
        http_upstream_check
        http_metrics
        http_naxsi
-       http_dav_ext"
+       http_dav_ext
+       http_security"
 
 IUSE="aio debug +http +http-cache ipv6 libatomic +pcre pcre-jit rtmp selinux ssl
 syslog userland_GNU vim-syntax"
@@ -191,7 +198,8 @@
        nginx_modules_http_lua? ( || ( dev-lang/lua dev-lang/luajit ) )
        nginx_modules_http_auth_pam? ( virtual/pam )
        nginx_modules_http_metrics? ( dev-libs/yajl )
-       nginx_modules_http_dav_ext? ( dev-libs/expat )"
+       nginx_modules_http_dav_ext? ( dev-libs/expat )
+       nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )"
 RDEPEND="${CDEPEND}"
 DEPEND="${CDEPEND}
        arm? ( dev-libs/libatomic_ops )
@@ -201,7 +209,8 @@
 REQUIRED_USE="pcre-jit? ( pcre )
        nginx_modules_http_lua? ( nginx_modules_http_rewrite )
        nginx_modules_http_naxsi? ( pcre )
-       nginx_modules_http_dav_ext? ( nginx_modules_http_dav )"
+       nginx_modules_http_dav_ext? ( nginx_modules_http_dav )
+       nginx_modules_http_security? ( pcre )"
 
 pkg_setup() {
        NGINX_HOME="/var/lib/nginx"
@@ -242,6 +251,12 @@
                epatch "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.2.6+.patch
        fi
 
+       if use nginx_modules_http_security; then
+               cd "${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
+               epatch "${FILESDIR}/${P}-modsecurity-include-paths.patch"
+               cd -
+       fi
+
        find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die
        # We have config protection, don't rename etc files
        sed -i 's:.default::' auto/install || die
@@ -353,6 +368,11 @@
                myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}"
        fi
 
+       if use nginx_modules_http_security ; then
+               http_enabled=1
+               myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity"
+       fi
+
        if use http || use http-cache; then
                http_enabled=1
        fi
@@ -406,6 +426,13 @@
                --http-scgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/scgi \
                --http-uwsgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/uwsgi \
                ${myconf} || die "configure failed"
+
+       if use nginx_modules_http_security; then
+               cd "${HTTP_SECURITY_MODULE_WD}"
+               ./configure --enable-standalone-module
+               make
+       fi
+
 }
 
 src_compile() {
@@ -512,6 +539,11 @@
                docinto ${HTTP_DAV_EXT_MODULE_P}
                dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README
        fi
+
+       if use nginx_modules_http_security; then
+               docinto ${HTTP_SECURITY_MODULE_P}
+               dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt}
+       fi
 }
 
 pkg_postinst() {

Comment 4 Tiziano Müller (RETIRED) gentoo-dev

2013-10-05 12:18:54 UTC

Support added in nginx-1.4.2(-r1), thanks for the patch, Jer!