I have modified nginx-1.4.1-r5.ebuild and added an optional HTTP security module, which adds modsecurity (http://www.modsecurity.org/) support for nginx in Gentoo. Unfortunately, it adds www-servers/apache2 as a dependency when the module is enabled, because compiling modsecurity requires some Apache include files. The build was tested only on amd64. Reproducible: Always Steps to Reproduce: - Expected Results: -
Created attachment 358386 [details] Modified ebuild
Created attachment 358388 [details, diff] Required patch for modsecurity include paths
Comment on attachment 358386 [details] Modified ebuild --- nginx-1.4.1-r5.ebuild 2013-09-05 20:08:31.733683509 +0200 +++ - 2013-09-10 16:04:39.951833357 +0200 @@ -108,6 +108,11 @@ HTTP_DAV_EXT_MODULE_URI="http://github.com/arut/nginx-dav-ext-module/archive/v${HTTP_DAV_EXT_MODULE_PV}.tar.gz" HTTP_DAV_EXT_MODULE_WD="${WORKDIR}/nginx-dav-ext-module-${HTTP_DAV_EXT_MODULE_PV}" +HTTP_SECURITY_MODULE_PV="2.7.5" +HTTP_SECURITY_MODULE_P="modsecurity-${HTTP_SECURITY_MODULE_PV}" +HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/2.7.5/modsecurity-apache_${HTTP_SECURITY_MODULE_PV}.tar.gz" +HTTP_SECURITY_MODULE_WD="${WORKDIR}/modsecurity-apache_${HTTP_SECURITY_MODULE_PV}" + inherit eutils ssl-cert toolchain-funcs perl-module flag-o-matic user systemd versionator DESCRIPTION="Robust, small and high performance http and reverse proxy server" @@ -127,7 +132,8 @@ nginx_modules_http_metrics? ( ${HTTP_METRICS_MODULE_URI} -> ${HTTP_METRICS_MODULE_P}.tar.gz ) nginx_modules_http_naxsi? ( ${HTTP_NAXSI_MODULE_URI} -> ${HTTP_NAXSI_MODULE_P}.tar.gz ) rtmp? ( ${RTMP_MODULE_URI} -> ${RTMP_MODULE_P}.tar.gz ) - nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz )" + nginx_modules_http_dav_ext? ( ${HTTP_DAV_EXT_MODULE_URI} -> ${HTTP_DAV_EXT_MODULE_P}.tar.gz ) + nginx_modules_http_security? ( ${HTTP_SECURITY_MODULE_URI} -> ${HTTP_SECURITY_MODULE_P}.tar.gz )" LICENSE="BSD-2 BSD SSLeay MIT GPL-2 GPL-2+" SLOT="0" @@ -151,7 +157,8 @@ http_upstream_check http_metrics http_naxsi - http_dav_ext" + http_dav_ext + http_security" IUSE="aio debug +http +http-cache ipv6 libatomic +pcre pcre-jit rtmp selinux ssl syslog userland_GNU vim-syntax" 
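Review bot: `HTTP_SECURITY_MODULE_URI` in the @@ -108 hunk hard-codes `2.7.5` in the tarball directory while the file name uses `${HTTP_SECURITY_MODULE_PV}`, so a later bump that edits only the PV variable would request a path that mixes the old and new versions. Deriving both parts from the variable keeps the fetched source and the declared version in step: `HTTP_SECURITY_MODULE_URI="https://www.modsecurity.org/tarball/${HTTP_SECURITY_MODULE_PV}/modsecurity-apache_${HTTP_SECURITY_MODULE_PV}.tar.gz"`. The diff shows no Manifest change, so the checksum entry for the new distfile would need to be regenerated with it.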
@@ -191,7 +198,8 @@ nginx_modules_http_lua? ( || ( dev-lang/lua dev-lang/luajit ) ) nginx_modules_http_auth_pam? ( virtual/pam ) nginx_modules_http_metrics? ( dev-libs/yajl ) - nginx_modules_http_dav_ext? ( dev-libs/expat )" + nginx_modules_http_dav_ext? ( dev-libs/expat ) + nginx_modules_http_security? ( >=dev-libs/libxml2-2.7.8 dev-libs/apr-util www-servers/apache )" RDEPEND="${CDEPEND}" DEPEND="${CDEPEND} arm? ( dev-libs/libatomic_ops ) @@ -201,7 +209,8 @@ REQUIRED_USE="pcre-jit? ( pcre ) nginx_modules_http_lua? ( nginx_modules_http_rewrite ) nginx_modules_http_naxsi? ( pcre ) - nginx_modules_http_dav_ext? ( nginx_modules_http_dav )" + nginx_modules_http_dav_ext? ( nginx_modules_http_dav ) + nginx_modules_http_security? ( pcre )" pkg_setup() { NGINX_HOME="/var/lib/nginx" @@ -242,6 +251,12 @@ epatch "${HTTP_UPSTREAM_CHECK_MODULE_WD}"/check_1.2.6+.patch fi + if use nginx_modules_http_security; then + cd "${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity" + epatch "${FILESDIR}/${P}-modsecurity-include-paths.patch" + cd - + fi + find auto/ -type f -print0 | xargs -0 sed -i 's:\&\& make:\&\& \\$(MAKE):' || die # We have config protection, don't rename etc files sed -i 's:.default::' auto/install || die @@ -353,6 +368,11 @@ myconf+=" --add-module=${HTTP_DAV_EXT_MODULE_WD}" fi + if use nginx_modules_http_security ; then + http_enabled=1 + myconf+=" --add-module=${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity" + fi + if use http || use http-cache; then http_enabled=1 fi @@ -406,6 +426,13 @@ --http-scgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/scgi \ --http-uwsgi-temp-path="${EPREFIX}/${NGINX_HOME_TMP}"/uwsgi \ ${myconf} || die "configure failed" + + if use nginx_modules_http_security; then + cd "${HTTP_SECURITY_MODULE_WD}" + ./configure --enable-standalone-module + make + fi + } src_compile() { 
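Review bot: In the @@ -191 hunk `www-servers/apache` is added to `CDEPEND`, which the context lines right after it feed into both `RDEPEND` and `DEPEND`, so enabling the module pulls a second web server onto every host that runs this nginx build. The bug description says Apache is needed only for its include files at compile time; if that holds, the atom belongs in `DEPEND` alone as `nginx_modules_http_security? ( www-servers/apache )`, with `>=dev-libs/libxml2-2.7.8 dev-libs/apr-util` left in `CDEPEND`. That keeps an unused network daemon off production systems. That libxml2 and apr-util are needed at run time is an assumption here and should be confirmed against the built binary.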
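Review bot: The commands added in the @@ -242 and @@ -406 hunks run without `|| die`, so a failed `cd`, `./configure` or `make` does not stop the build. In @@ -242 a failed `cd` would leave `epatch` applying the include-path patch from the wrong directory, and in @@ -406 a broken modsecurity build would presumably surface only later, when nginx compiles the added module. For @@ -406 I would write `cd "${HTTP_SECURITY_MODULE_WD}" || die`, `./configure --enable-standalone-module || die "modsecurity configure failed"` and `emake || die "modsecurity build failed"`; `emake` also honours the user's MAKEOPTS, which bare `make` ignores. For @@ -242, replace the `cd` / `cd -` pair with `pushd "${HTTP_SECURITY_MODULE_WD}/nginx/modsecurity" >/dev/null || die` and a matching `popd >/dev/null || die`. The enclosing functions of both hunks start outside the visible lines.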
@@ -512,6 +539,11 @@ docinto ${HTTP_DAV_EXT_MODULE_P} dodoc "${HTTP_DAV_EXT_MODULE_WD}"/README fi + + if use nginx_modules_http_security; then + docinto ${HTTP_SECURITY_MODULE_P} + dodoc "${HTTP_SECURITY_MODULE_WD}"/{CHANGES,README.TXT,authors.txt} + fi } pkg_postinst() {
Support added in nginx-1.4.2(-r1), thanks for the patch, Jer!