Build modsecurity as a dynamic mod

2018-11-06 19:03:15 +01:00 · 2018-11-06 19:03:15 +01:00 · cbb9e8f4ea
parent 4e1d163acc
commit cbb9e8f4ea
1 changed files with 24 additions and 3 deletions
--- a/nginx.spec
+++ b/nginx.spec
@ -57,7 +57,6 @@ BuildRequires:     gperftools-devel
 BuildRequires:     openssl-devel
 BuildRequires:     pcre-devel
 BuildRequires:     zlib-devel
-BuildRequires:     libmodsecurity-devel

 Requires:          nginx-filesystem = %{epoch}:%{version}-%{release}

@ -68,7 +67,6 @@ Requires:          nginx-all-modules = %{epoch}:%{version}-%{release}

 Requires:          openssl
 Requires:          pcre
-Requires:          libmodsecurity
 Requires(pre):     nginx-filesystem
 %if 0%{?with_mailcap_mimetypes}
 Requires:          nginx-mimetypes
@ -201,6 +199,18 @@ Requires:          nginx == %{?epoch:%{epoch}:}%{version}
 %description mod-ndk
 %{summary}.

+%package mod-http-modsecurity
+Summary:           nginx modsecurity dynamic module
+URL:               https://github.com/SpiderLabs/ModSecurity-nginx
+Group:             System Environment/Daemons
+License:           Apache License 2.0
+BuildRequires:     libmodsecurity-devel
+Requires:          nginx == %{?epoch:%{epoch}:}%{version}
+Requires:          libmodsecurity
+
+%description mod-http-modsecurity
+%{summary}.
+
 %prep
 %setup -q
 %setup -q -T -D -a 300
@ -277,7 +287,7 @@ export DESTDIR=%{buildroot}
    --with-ld-opt="$RPM_LD_FLAGS -Wl,-E" \
    --add-dynamic-module=lua-nginx-module-%{lua_version} \
    --add-dynamic-module=ngx_devel_kit-%{ndk_version} \
-    --add-module=modsecurity-nginx-v%{modsecurity_version}
+    --add-dynamic-module=modsecurity-nginx-v%{modsecurity_version}

 make %{?_smp_mflags}

@ -346,6 +356,8 @@ echo 'load_module "%{_libdir}/nginx/modules/ndk_http_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-ndk.conf
 echo 'load_module "%{_libdir}/nginx/modules/ngx_http_lua_module.so";' \
    > %{buildroot}%{_datadir}/nginx/modules/mod-lua.conf
+echo 'load_module "%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so";' \
+    > %{buildroot}%{_datadir}/nginx/modules/mod-modsecurity.conf

 %pre filesystem
 getent group %{nginx_user} > /dev/null || groupadd -r %{nginx_user}
@ -397,6 +409,11 @@ if [ $1 -eq 1 ]; then
    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
 fi

+%post mod-http-modsecurity
+if [ $1 -eq 1 ]; then
+    /usr/bin/systemctl reload nginx.service >/dev/null 2>&1 || :
+fi
+
 %preun
 %systemd_preun nginx.service

@ -489,6 +506,10 @@ fi
 %{_datadir}/nginx/modules/mod-ndk.conf
 %{_libdir}/nginx/modules/ndk_http_module.so

+%files mod-http-modsecurity
+%{_datadir}/nginx/modules/mod-modsecurity.conf
+%{_libdir}/nginx/modules/ngx_http_modsecurity_module.so
+
 %changelog
 * Tue Nov 06 2018 Daniel Berteaud <daniel@firewall-services.com> 1.12.2-20.beta7
 - Add ndk and lua 3rd party modules (daniel@firewall-services.com)