## ## apache-security.spec -- OpenPKG RPM Package Specification ## Copyright (c) 2000-2022 OpenPKG Project ## ## Permission to use, copy, modify, and distribute this software for ## any purpose with or without fee is hereby granted, provided that ## the above copyright notice and this permission notice appear in all ## copies. ## ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ## SUCH DAMAGE. ## # package version %define V_major 2.8 %define V_minor 0 %define V_rules 3.2.0 # package information Name: apache-security Summary: Apache Extension: Security URL: http://www.modsecurity.org/ Vendor: Breach Security, Inc. Packager: OpenPKG Project Distribution: OpenPKG Community Class: EVAL Group: Web License: Open Source Version: %{V_major}.%{V_minor} Release: 20190924 # list of sources Source0: https://github.com/SpiderLabs/ModSecurity/releases/download/v%{V_major}.%{V_minor}/modsecurity-%{V_major}.%{V_minor}.tar.gz Source1: https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v%{V_rules}.tar.gz Source2: apache-security.conf Patch0: apache-security.patch # build information BuildPreReq: OpenPKG, openpkg >= 20160101, make PreReq: OpenPKG, openpkg >= 20160101 BuildPreReq: apache, apr, libxml, pcre, curl, lua51 PreReq: apache, apr, libxml, pcre, curl, lua51 %description This is the Security extension module for the Apache HTTP webserver. %track prog apache-security:module = { version = %{V_major}.%{V_minor} url = https://github.com/SpiderLabs/ModSecurity/releases regex = modsecurity-(%{V_major}(\.\d+)+)\.tar\.gz } prog apache-security:rules = { version = %{V_rules} url = https://github.com/SpiderLabs/owasp-modsecurity-crs/releases regex = (\d+(\.\d+)+)\.tar\.gz } %prep %setup -q -n modsecurity-%{V_major}.%{V_minor} %setup -q -n modsecurity-%{V_major}.%{V_minor} -T -D -a 1 mv owasp-modsecurity-crs-* rules %patch -p0 %build # build module CC="%{l_cc}" \ CFLAGS="%{l_cflags -O}" \ CPPFLAGS="%{l_cppflags lua51/lua .}" \ LDFLAGS="%{l_ldflags lua51/lua .}" \ ./configure \ --prefix=%{l_prefix} \ --with-apxs=%{l_prefix}/sbin/apxs \ --with-pcre=%{l_prefix} \ --with-apr=%{l_prefix} \ --with-apu=%{l_prefix} \ --with-libxml=%{l_prefix} \ --with-lua=%{l_prefix} \ --with-curl=%{l_prefix} \ --disable-mlogc %{l_make} %{l_mflags} %install # install module %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/apache/apache.d \ $RPM_BUILD_ROOT%{l_prefix}/libexec/apache %{l_shtool} install -c -m 755 \ apache2/.libs/mod_security2.so \ $RPM_BUILD_ROOT%{l_prefix}/libexec/apache/mod_security.so %{l_shtool} install -c -m 644 %{l_value -s -a} \ %{SOURCE apache-security.conf} \ $RPM_BUILD_ROOT%{l_prefix}/etc/apache/apache.d/ # install core rule sets %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/apache-security cp -rp rules/rules/* \ $RPM_BUILD_ROOT%{l_prefix}/etc/apache-security/ # create directories for logs and data storages %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/var/apache-security/{data,log,tmp,upload} # determine installation files %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ %{l_files_std} \ '%config %{l_prefix}/etc/apache/apache.d/apache-security.conf' \ '%config %{l_prefix}/etc/apache-security/*' \ '%dir %attr(0770,%{l_susr},%{l_ngrp}) %{l_prefix}/var/apache-security/data' \ '%dir %attr(0770,%{l_susr},%{l_ngrp}) %{l_prefix}/var/apache-security/tmp' \ '%dir %attr(0770,%{l_susr},%{l_ngrp}) %{l_prefix}/var/apache-security/upload' %files -f files %clean %post # after upgrade, restart service [ $1 -eq 2 ] || exit 0 eval `%{l_rc} apache status 2>/dev/null` [ ".$apache_active" = .yes ] && %{l_rc} apache restart exit 0