Modsecurity module added to Nginx. Archive directory created

fedora/SPECS/nginx.spec

@@ -1,6 +1,8 @@
-%global  _hardened_build     1
-%global  nginx_user          nginx
-%global  with_ldap_module    1
+%global  _hardened_build            1
+%global  nginx_user                 nginx
+%global  with_ldap_module           1
+%global  with_modsecurity_module    1
+%global  modsecver                  3.0.2
 
 # gperftools exist only on selected arches
 %ifnarch s390 s390x
@@ -16,7 +18,7 @@
 Name:              nginx
 Epoch:             1
 Version:           1.13.12
-Release:           2%{?dist}
+Release:           3%{?dist}
 
 Summary:           A high performance web server and reverse proxy server
 Group:             System Environment/Daemons
@@ -27,6 +29,9 @@ URL:               http://nginx.org/
 
 Source0:           https://nginx.org/download/nginx-%{version}.tar.gz
 Source1:           ngx_http_auth_ldap_module.tar.gz
+Source2:           modsecurity-nginx-%{modsecver}.tar.gz
+Source3:           modsecurity.conf
+Source4:           main.conf
 Source10:          nginx.service
 Source11:          nginx.logrotate
 Source12:          nginx.conf
@@ -146,7 +151,7 @@ Requires:          perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $ve
 
 %package mod-http-xslt-filter
 Group:             System Environment/Daemons
-Summary:           Nginx XSLT module
+Summary:           Nginx XSLT modul
 BuildRequires:     libxslt-devel
 Requires:          nginx
 
@@ -155,7 +160,7 @@ Requires:          nginx
 
 %package mod-mail
 Group:             System Environment/Daemons
-Summary:           Nginx mail modules
+Summary:           Nginx mail module
 Requires:          nginx
 
 %description mod-mail
@@ -163,16 +168,16 @@ Requires:          nginx
 
 %package mod-stream
 Group:             System Environment/Daemons
-Summary:           Nginx stream modules
+Summary:           Nginx stream module
 Requires:          nginx
 
 %description mod-stream
 %{summary}.
 
- %if 0%{?with_ldap_module}
+%if 0%{?with_ldap_module}
 %package mod-auth-ldap
 Group:             System Environment/Daemons
-Summary:           Nginx ldap auth modules
+Summary:           Nginx ldap auth module
 Requires:          nginx
 BuildRequires:     openldap-devel
 
@@ -180,10 +185,21 @@ BuildRequires:     openldap-devel
 LDAP auth module for nginx
 %endif
 
+%if 0%{?with_modsecurity_module}
+%package mod-security
+Group:             System Environment/Daemons
+Summary:           Nginx modsecurity module
+Requires:          nginx libmodsecurity
+BuildRequires:     libmodsecurity-devel
+
+%description mod-security
+Modsecurity module for nginx
+%endif
 
 %prep
 %if 0%{?with_ldap_module}
 %setup -q -b 1 -n ngx_http_auth_ldap_module
+%setup -q -b 2 -n modsecurity-nginx-%{modsecver}
 %endif
 %setup -q
 %patch0 -p0
@@ -252,6 +268,10 @@ export DESTDIR=%{buildroot}
 %endif
 %if 0%{?with_ldap_module}
     --add-dynamic-module=%{_builddir}/ngx_http_auth_ldap_module \
+%endif
+%if 0%{?with_modsecurity_module}
+    --add-dynamic-module=%{_builddir}/modsecurity-nginx-%{modsecver} \
+    --with-compat \
 %endif
     --with-debug \
     --with-cc-opt="%{optflags} $(pcre-config --cflags)" \
@@ -289,6 +309,15 @@ install -m 0755 ./objs/ngx_http_auth_ldap_module.so %{buildroot}%{_libdir}/nginx
 install -p -D -m 0644 %{_builddir}/ngx_http_auth_ldap_module/example.conf %{buildroot}%{_defaultdocdir}/%{name}/auth_ldap_example.conf
 %endif
 
+%if 0%{?with_modsecurity_module}
+install -m 0755 ./objs/ngx_http_modsecurity_module.so %{buildroot}%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
+install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/modsecurity.conf
+install -p -D -m 0644 %{S:3} %{buildroot}%{_sysconfdir}/nginx/modsec/main.conf
+for f in CHANGES AUTHORS README.md LICENSE; do
+	install -p -D -m 0644 %{_builddir}/modsecurity-nginx-%{modsecver}/$f %{buildroot}%{_defaultdocdir}/%{name}-mod-security/$f
+done
+%endif
+
 install -p -m 0644 ./nginx.conf \
     %{buildroot}%{_sysconfdir}/nginx
 install -p -m 0644 %{SOURCE100} \
@@ -329,6 +358,10 @@ echo 'load_module "%{_libdir}/nginx/modules/ngx_stream_module.so";' \
 echo 'load_module "%{_libdir}/nginx/modules/ngx_http_auth_ldap_module.so";' \
     > %{buildroot}%{_datadir}/nginx/modules/mod-http_auth-ldap.conf
 %endif
+%if 0%{?with_modsecurity_module}
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-http_modsecurity.conf
+%endif
 
 %pre filesystem
 getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
@@ -461,10 +494,23 @@ fi
 %{_defaultdocdir}/%{name}/auth_ldap_example.conf
 %endif
 
+%if 0%{?with_modsecurity_module}
+%files mod-security
+%{_defaultdocdir}/%{name}-mod-security/*
+%config(noreplace) %{_sysconfdir}/nginx/modsec/modsecurity.conf
+%config(noreplace) %{_sysconfdir}/nginx/modsec/main.conf
+%{_datadir}/nginx/modules/mod-http_modsecurity.conf
+%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
+%endif
+
 %clean
-[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}
+[ "%{buildroot}" != "/" ] && [ -d "%{buildroot}" ] && rm -rf %{buildroot}/*
+[ "%{_builddir}" != "/" ] && [ -d "%{_builddir}" ] && rm -rf %{_builddir}/*
 
 %changelog
-* Sat Apr 14 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-2
-- Auth-ldap module added for basic auth over LDAP.
+* Sun Apr 15 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-3
+- Modsecurity module added as a shared module.
+
+* Sat Apr 14 2018 Daniel Steiner <daniel.steiner@greenmail.ch> 1.13.12-2
+- Auth-ldap module added for basic auth over LDAP as a shared module.