diff options
| author |   Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-03-28 21:58:59 +0000 |
|---|---|---|
| committer | Diego Elio Pettenò <flameeyes@gentoo.org> | 2011-03-28 21:58:59 +0000 |
| commit | 77a63ed2872ceefcfccc9fafbc61b525a0e8ad36 (patch) | |
| tree | 08b81871a5e8b5bcd576c683aeceb1faf4071e54 | |
| parent | Version bump. (diff) | |
| download | gentoo-2-77a63ed2872ceefcfccc9fafbc61b525a0e8ad36.tar.gz gentoo-2-77a63ed2872ceefcfccc9fafbc61b525a0e8ad36.tar.bz2 gentoo-2-77a63ed2872ceefcfccc9fafbc61b525a0e8ad36.zip | |
Cleanup ebuild, port to EAPI=3; add geoip USE flag to bring in dev-libs/geoip and set it up.
(Portage version: 2.2.0_alpha29/cvs/Linux x86_64)
| -rw-r--r-- | www-apache/mod_security/ChangeLog | 9 | ||||
| -rw-r--r-- | www-apache/mod_security/files/2.5.13/79_mod_security.conf | 16 | ||||
| -rw-r--r-- | www-apache/mod_security/files/modsecurity.conf (renamed from www-apache/mod_security/files/2.5.13-r2/79_modsecurity.conf) | 3 | ||||
| -rw-r--r-- | www-apache/mod_security/metadata.xml | 7 | ||||
| -rw-r--r-- | www-apache/mod_security/mod_security-2.5.13-r1.ebuild | 99 | ||||
| -rw-r--r-- | www-apache/mod_security/mod_security-2.5.13-r2.ebuild | 39 |
6 files changed, 42 insertions, 131 deletions
diff --git a/www-apache/mod_security/ChangeLog b/www-apache/mod_security/ChangeLog index b8f2ccc51277..539e95c75d19 100644 --- a/www-apache/mod_security/ChangeLog +++ b/www-apache/mod_security/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for www-apache/mod_security # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.50 2011/03/23 23:05:00 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/ChangeLog,v 1.51 2011/03/28 21:58:58 flameeyes Exp $ + + 28 Mar 2011; Diego E. Pettenò <flameeyes@gentoo.org> + +files/modsecurity.conf, -files/2.5.13-r2/79_modsecurity.conf, + -files/2.5.13/79_mod_security.conf, -mod_security-2.5.13-r1.ebuild, + mod_security-2.5.13-r2.ebuild, metadata.xml: + Cleanup ebuild, port to EAPI=3; add geoip USE flag to bring in dev-libs/geoip + and set it up. *mod_security-2.5.13-r2 (23 Mar 2011) diff --git a/www-apache/mod_security/files/2.5.13/79_mod_security.conf b/www-apache/mod_security/files/2.5.13/79_mod_security.conf deleted file mode 100644 index ba1fb64729a4..000000000000 --- a/www-apache/mod_security/files/2.5.13/79_mod_security.conf +++ /dev/null @@ -1,16 +0,0 @@ -<IfDefine SECURITY> -LoadModule security2_module modules/mod_security2.so - -SecDataDir /var/cache/mod_security - -# use Core Rule Set by default, but no optional or experimental rules -Include /etc/apache2/modules.d/mod_security/*.conf - -# Optionally use the other rules as well -# Include /etc/apache2/modules.d/mod_security/optional_rules/*.conf -# Include /etc/apache2/modules.d/mod_security/experimental_rules/*.conf - -</IfDefine> - -# -*- apache -*- -# vim: ts=4 filetype=apache diff --git a/www-apache/mod_security/files/2.5.13-r2/79_modsecurity.conf b/www-apache/mod_security/files/modsecurity.conf index 77a42bab1920..254ecf4094b8 100644 --- a/www-apache/mod_security/files/2.5.13-r2/79_modsecurity.conf +++ b/www-apache/mod_security/files/modsecurity.conf @@ -1,6 +1,9 @@ <IfDefine SECURITY> LoadModule security2_module modules/mod_security2.so +# Enable looking up geolocation data from MaxMind's GeoIP database +SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat + SecDataDir /var/cache/modsecurity </IfDefine> diff --git a/www-apache/mod_security/metadata.xml b/www-apache/mod_security/metadata.xml index 5088fa888ba7..11837ee42647 100644 --- a/www-apache/mod_security/metadata.xml +++ b/www-apache/mod_security/metadata.xml @@ -20,5 +20,12 @@ applications, including Rails-based web applications and Bugzilla. </flag> + + <flag name='geoip'> + Configure ModSecurity to query the GeoIP database from MaxMind, + provided by <pkg>dev-libs/geoip</pkg>. This flag only controls + the default configuration, as the GeoIP query code is part of + ModSecurity's source code. + </flag> </use> </pkgmetadata> diff --git a/www-apache/mod_security/mod_security-2.5.13-r1.ebuild b/www-apache/mod_security/mod_security-2.5.13-r1.ebuild deleted file mode 100644 index 67ead0a842fc..000000000000 --- a/www-apache/mod_security/mod_security-2.5.13-r1.ebuild +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 1999-2011 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.13-r1.ebuild,v 1.2 2011/02/26 14:44:27 xarthisius Exp $ - -EAPI=2 - -inherit apache-module autotools - -MY_P=${P/mod_security-/modsecurity-apache_} -MY_P=${MY_P/_rc/-rc} - -DESCRIPTION="Web application firewall and Intrusion Detection System for Apache." -HOMEPAGE="http://www.modsecurity.org/" -SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~ppc ~sparc ~x86" -IUSE="lua" - -DEPEND="dev-libs/libxml2 - lua? ( >=dev-lang/lua-5.1 ) - www-servers/apache[apache2_modules_unique_id]" -RDEPEND="${DEPEND}" -PDEPEND="www-apache/modsecurity-crs" - -S="${WORKDIR}/${MY_P}" - -APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_CONF="2.5.13/79_mod_security" -APACHE2_MOD_DEFINE="SECURITY" - -need_apache2 - -src_prepare() { - epatch "${FILESDIR}"/${PN}-2.5.10-as-needed.patch - - cd apache2 - eautoreconf -} - -src_configure() { - cd apache2 - - econf --with-apxs="${APXS}" \ - --without-curl \ - $(use_with lua) \ - || die "econf failed" -} - -src_compile() { - cd apache2 - - APXS_FLAGS= - for flag in ${CFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wc,${flag}" - done - - # Yes we need to prefix it _twice_ - for flag in ${LDFLAGS}; do - APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}" - done - - emake \ - APXS_CFLAGS="${CFLAGS}" \ - APXS_LDFLAGS="${LDFLAGS}" \ - APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \ - || die "emake failed" -} - -src_test() { - cd apache2 - emake test || die -} - -src_install() { - apache-module_src_install - - # install documentation - dodoc CHANGES || die - dohtml -r doc/* || die - - keepdir /var/cache/mod_security || die - fowners apache:apache /var/cache/mod_security || die - fperms 0770 /var/cache/mod_security || die -} - -pkg_postinst() { - if [[ -f "${ROOT}"/etc/apache/modules.d/99_mod_security.conf ]]; then - ewarn "You still have the configuration file 99_mod_security.conf." - ewarn "Please make sure to remove that and keep only 79_mod_security.conf." - ewarn "" - fi - elog "The base configuration file has been renamed 79_mod_security.conf" - elog "so that you can put your own configuration as 80_mod_security_local.conf or" - elog "equivalent." - elog "" - elog "That would be the correct place for site-global security rules." -} diff --git a/www-apache/mod_security/mod_security-2.5.13-r2.ebuild b/www-apache/mod_security/mod_security-2.5.13-r2.ebuild index 065f4e41bc67..8608e48053ec 100644 --- a/www-apache/mod_security/mod_security-2.5.13-r2.ebuild +++ b/www-apache/mod_security/mod_security-2.5.13-r2.ebuild @@ -1,13 +1,12 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.13-r2.ebuild,v 1.1 2011/03/23 23:05:00 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apache/mod_security/mod_security-2.5.13-r2.ebuild,v 1.2 2011/03/28 21:58:58 flameeyes Exp $ -EAPI=2 +EAPI=3 inherit apache-module autotools -MY_P=${P/mod_security-/modsecurity-apache_} -MY_P=${MY_P/_rc/-rc} +MY_P=modsecurity-apache_${PV/_rc/-rc} DESCRIPTION="Web application firewall and Intrusion Detection System for Apache." HOMEPAGE="http://www.modsecurity.org/" @@ -16,23 +15,25 @@ SRC_URI="http://www.modsecurity.org/download/${MY_P}.tar.gz" LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~ppc ~sparc ~x86" -IUSE="lua" +IUSE="lua geoip" DEPEND="dev-libs/libxml2 lua? ( >=dev-lang/lua-5.1 ) www-servers/apache[apache2_modules_unique_id]" -RDEPEND="${DEPEND}" +RDEPEND="${DEPEND} + geoip? ( dev-libs/geoip )" PDEPEND="www-apache/modsecurity-crs" S="${WORKDIR}/${MY_P}" APACHE2_MOD_FILE="apache2/.libs/${PN}2.so" -APACHE2_MOD_CONF="2.5.13-r2/79_modsecurity" APACHE2_MOD_DEFINE="SECURITY" need_apache2 src_prepare() { + cp "${FILESDIR}"/modsecurity.conf "${T}"/79_modsecurity.conf || die + epatch "${FILESDIR}"/${PN}-2.5.10-as-needed.patch cd apache2 @@ -49,7 +50,10 @@ src_configure() { } src_compile() { - cd apache2 + if ! use geoip; then + sed -i -e '/SecGeoLookupDb/s:^:#:' \ + "${T}"/79_modsecurity.conf || die + fi APXS_FLAGS= for flag in ${CFLAGS}; do @@ -61,7 +65,7 @@ src_compile() { APXS_FLAGS="${APXS_FLAGS} -Wl,${flag}" done - emake \ + emake -C apache2 \ APXS_CFLAGS="${CFLAGS}" \ APXS_LDFLAGS="${LDFLAGS}" \ APXS_EXTRA_CFLAGS="${APXS_FLAGS}" \ @@ -69,16 +73,21 @@ src_compile() { } src_test() { - cd apache2 - emake test || die + emake -C apache2 test || die } src_install() { apache-module_src_install - # install documentation - dodoc CHANGES || die - dohtml -r doc/* || die + # install manually rather than by using the APACHE2_MOD_CONF + # variable since we have to edit it to set things up properly. + insinto "${APACHE_MODULES_CONFDIR}" + doins "${T}"/79_modsecurity.conf + + # install documentation; don't install index.html as it references + # the PDF and split-pages versions of the same documentation. + dodoc CHANGES + dohtml "${S}"/doc/*.{css,gif,jpg} "${S}"/doc/modsecurity2*.html keepdir /var/cache/modsecurity || die fowners apache:apache /var/cache/modsecurity || die @@ -88,7 +97,7 @@ src_install() { pkg_postinst() { if [[ -f "${ROOT}"/etc/apache/modules.d/99_mod_security.conf ]]; then ewarn "You still have the configuration file 99_mod_security.conf." - ewarn "Please make sure to remove that and keep only 79_mod_security.conf." + ewarn "Please make sure to remove that and keep only 79_modsecurity.conf." ewarn "" fi elog "The base configuration file has been renamed 79_modsecurity.conf" |