In www-servers/nginx, when using the "security" USE flag, brings in dev-libs/modsecurity which is dependant on www-apache/modsecurity-crs. www-apache/modsecurity-crs then brings in www-apache/mod_security, and consequently www-servers/apache This is not required, modsecurity-crs only needs either of the modsecurity options Reproducible: Always Steps to Reproduce: 1. Enable "security" USE flag for www-servers/nginx 2. Emerge all with new flags 3. www-apache/mod_security and www-servers/apache are attempted to be merged Actual Results: www-apache/mod_security and www-servers/apache are merged when not required. Expected Results: www-servers/nginx, dev-libs/modsecurity and www-apache/modsecurity-crs are expected to be installed only. --- a/www-apache/modsecurity-crs/modsecurity-crs-3.3.2.ebuild +++ b/www-apache/modsecurity-crs/modsecurity-crs-3.3.2.ebuild @@ -11,7 +11,7 @@ LICENSE="Apache-2.0" SLOT="0" KEYWORDS="amd64 x86" -RDEPEND=">=www-apache/mod_security-2.9.1" +RDEPEND="|| ( >=www-apache/mod_security-2.9.1 >=dev-libs/modsecurity-3.0.0 )" S="${WORKDIR}/coreruleset-${PV}"
Just re-tested this on a new system, and it's slightly different, probably because of my existing config. Adding "security" as a use flag gives this merge: emerge -uavDN @world --changed-deps y --with-bdeps y * IMPORTANT: 8 news items need reading for repository 'gentoo'. * Use eselect news read to view new items. These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild N ] dev-libs/modsecurity-3.0.7::gentoo USE="-doc -fuzzyhash -geoip -geoip2 -json -lmdb -lua -pcre2" LUA_SINGLE_TARGET="lua5-1 -lua5-3 -lua5-4" 0 KiB [ebuild R ] www-servers/nginx-1.23.1-r1:mainline::gentoo USE="http http2 http-cache ipv6 pcre pcre2 (selinux) ssl threads vim-syntax -aio -debug -libatomic -pcre-jit -rtmp" LUA_SINGLE_TARGET="luajit" NGINX_MODULES_HTTP="access auth_basic auth_request autoindex browser charset empty_gif fastcgi geo grpc gzip limit_conn limit_req map memcached mirror proxy realip referer rewrite scgi security* split_clients ssi upstream_hash upstream_ip_hash upstream_keepalive upstream_least_conn upstream_zone userid uwsgi -addition -auth_ldap -auth_pam -brotli -cache_purge -dav -dav_ext -degradation -echo -fancyindex -flv -geoip -geoip2 -gunzip -gzip_static -headers_more -image_filter -javascript -lua -memc -metrics -mogilefs -mp4 -naxsi -perl -push_stream -random_index -secure_link -slice -slowfs_cache -spdy -sticky -stub_status -sub -upload_progress -upstream_check -vhost_traffic_status -xslt" NGINX_MODULES_MAIL="-imap -pop3 -smtp" NGINX_MODULES_STREAM="-access -geo -geoip -geoip2 -javascript -limit_conn -map -realip -return -split_clients -ssl_preread -upstream_hash -upstream_least_conn -upstream_zone" 34 KiB Total: 2 packages (1 new, 1 reinstall), Size of downloads: 34 KiB Then adding the ruleset modsecurity-crs gives: emerge -av www-apache/modsecurity-crs These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild N ] acct-group/apache-0-r2::gentoo 0 KiB [ebuild N ] acct-user/apache-0-r2::gentoo 0 KiB [ebuild N ] app-admin/apache-tools-2.4.54::gentoo USE="ssl" 7,261 KiB [ebuild N ] www-servers/apache-2.4.54-r2:2::gentoo USE="(selinux) (split-usr) ssl suexec-caps threads -debug -doc -gdbm -ldap -static -suexec -suexec-syslog -systemd" APACHE2_MODULES="actions alias auth_basic authn_anon authn_core authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers http2 include info log_config logio mime mime_magic negotiation rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias -access_compat -asis -auth_digest -auth_form -authn_dbd -authn_socache -authz_dbd -brotli -cache_disk -cache_socache -cern_meta -charset_lite -dbd -dumpio -ident -imagemap -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -log_forensic (-lua) -macro -md -proxy -proxy_ajp -proxy_balancer -proxy_connect -proxy_fcgi -proxy_ftp -proxy_hcheck -proxy_html -proxy_http -proxy_http2 -proxy_scgi -proxy_uwsgi -proxy_wstunnel -ratelimit -remoteip -reqtimeout -session -session_cookie -session_crypto -session_dbd -slotmem_shm -socache_memcache -substitute -version -watchdog -xml2enc" APACHE2_MPMS="-event -prefork -worker" LUA_SINGLE_TARGET="lua5-1 -lua5-3 -lua5-4" 26 KiB [ebuild N ] www-apache/mod_security-2.9.5::gentoo USE="-doc -fuzzyhash -geoip -jit -json -lua -mlogc" LUA_SINGLE_TARGET="lua5-1 -lua5-3" 4,214 KiB [ebuild N ] www-apache/modsecurity-crs-3.3.2::gentoo 284 KiB Total: 6 packages (6 new), Size of downloads: 11,784 KiB
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d20bf8a1839f65630232bf3a43bbae464d94d3d4 commit d20bf8a1839f65630232bf3a43bbae464d94d3d4 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-10-22 04:05:11 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2022-11-21 09:21:05 +0000 www-apache/modsecurity-crs: add 3.3.4 Bug: https://bugs.gentoo.org/872077 Closes: https://bugs.gentoo.org/869737 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/27886 Signed-off-by: Joonas Niilola <juippis@gentoo.org> www-apache/modsecurity-crs/Manifest | 1 + www-apache/modsecurity-crs/metadata.xml | 11 +++--- .../modsecurity-crs/modsecurity-crs-3.3.4.ebuild | 42 ++++++++++++++++++++++ 3 files changed, 50 insertions(+), 4 deletions(-)
