Fix Nginx version dependency specificier, dynamically link to libmods…

…ecurity
phusion · Mar 13, 2022 · 0d11f82 · 0d11f82
1 parent 276c8c1
commit 0d11f82
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 38 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,5 +7,4 @@
 /*.buildinfo
 /*.changes
 /*.upload
-/*.git
 /libnginx-mod-http-modsecurity-*
diff --git a/Makefile b/Makefile
@@ -1,13 +1,13 @@
 PACKAGE_NAME = libnginx-mod-http-modsecurity
 
-# The Debian package version. Every time MODSECURITY_REF, LIBMODSECURITY_REF,
+# The Debian package version. Every time NGINX_MODSECURITY_REF
 # or NGINX_VERSION changes, you must bump this number.
 #
 # When bumping this number, you MUST also:
 # - reset PACKAGE_REVISION.
 # - edit spec/control and add a changelog entry there with
 #   `$(PACKAGE_VERSION)-$(PACKAGE_REVISION)` as version number.
-PACKAGE_VERSION = 1.0.2
+PACKAGE_VERSION = 1.0.2-2
 
 # The version of ModSecurity-nginx you want to package. This must
 # correspond to a specific tag in the ModSecurity-nginx Git repository:
@@ -16,12 +16,6 @@ PACKAGE_VERSION = 1.0.2
 # If you change this number, then you MUST bump PACKAGE_VERSION.
 NGINX_MODSECURITY_REF = 1.0.2
 
-# The libmodsecurity (https://github.com/SpiderLabs/ModSecurity)
-# Git commit that you want to compile ModSecurity-nginx against.
-#
-# If you change this number, then you MUST bump PACKAGE_VERSION.
-LIBMODSECURITY_REF = v3.0.6
-
 # The Nginx version that you want to compile ModSecurity-nginx against.
 # This must be the exact same version as the one installable via the
 # Ubuntu APT repository. You can use https://packages.ubuntu.com/
@@ -32,8 +26,8 @@ LIBMODSECURITY_REF = v3.0.6
 # - you MUST synchronize the corresponding numbers in spec/control.
 NGINX_VERSION = 1.18.0
 
-# If you've updated the package, but without updating MODSECURITY_REF,
-# LIBMODSECURITY_REF or NGINX_VERSION (that is, you did not update PACKAGE_VERSION),
+# If you've updated the package, but without updating NGINX_MODSECURITY_REF
+# or NGINX_VERSION (that is, you did not update PACKAGE_VERSION),
 # then you must bump this number.
 #
 # Only modify the number before the `~` part. Don't touch the text after
@@ -60,7 +54,7 @@ dev: $(PACKAGE_NAME)_$(PACKAGE_VERSION)-$(PACKAGE_REVISION).dsc
 	cd $(PACKAGE_NAME)-$(PACKAGE_VERSION) && eatmydata dpkg-buildpackage -b -us -uc -jauto $(DPKG_BUILDPACKAGE_ARGS)
 
 clean:
-	rm -rf *.tar.gz *.xz *.git *.dsc *.buildinfo *.changes *.deb *.ddeb *.upload $(PACKAGE_NAME)-*
+	rm -rf *.tar.gz *.xz *.dsc *.buildinfo *.changes *.deb *.ddeb *.upload $(PACKAGE_NAME)-*
 
 
 $(PACKAGE_NAME)_$(PACKAGE_VERSION)-$(PACKAGE_REVISION).dsc: $(PACKAGE_NAME)_$(PACKAGE_VERSION).orig.tar.xz
@@ -73,7 +67,7 @@ $(PACKAGE_NAME)_$(PACKAGE_VERSION)-$(PACKAGE_REVISION).deb: $(PACKAGE_NAME)_$(PA
 	cd $(PACKAGE_NAME)-$(PACKAGE_VERSION) && eatmydata dpkg-buildpackage -b -us -uc -jauto $(DPKG_BUILDPACKAGE_ARGS)
 
 
-$(PACKAGE_NAME)_$(PACKAGE_VERSION).orig.tar.xz: ModSecurity-nginx-$(NGINX_MODSECURITY_REF).tar.gz nginx-$(NGINX_VERSION).tar.gz libmodsecurity.git/HEAD
+$(PACKAGE_NAME)_$(PACKAGE_VERSION).orig.tar.xz: ModSecurity-nginx-$(NGINX_MODSECURITY_REF).tar.gz nginx-$(NGINX_VERSION).tar.gz
 	rm -rf $(PACKAGE_NAME)-$(PACKAGE_VERSION)
 	mkdir $(PACKAGE_NAME)-$(PACKAGE_VERSION)
 	mkdir $(PACKAGE_NAME)-$(PACKAGE_VERSION)/nginx
@@ -83,11 +77,6 @@ $(PACKAGE_NAME)_$(PACKAGE_VERSION).orig.tar.xz: ModSecurity-nginx-$(NGINX_MODSEC
 	tar -C $(PACKAGE_NAME)-$(PACKAGE_VERSION)/nginx --strip-components 1 \
 		-xzf nginx-$(NGINX_VERSION).tar.gz
 
-	git clone libmodsecurity.git $(PACKAGE_NAME)-$(PACKAGE_VERSION)/libmodsecurity
-	cd $(PACKAGE_NAME)-$(PACKAGE_VERSION)/libmodsecurity && git reset --hard $(LIBMODSECURITY_REF)
-	cd $(PACKAGE_NAME)-$(PACKAGE_VERSION)/libmodsecurity && git submodule update --init --recursive
-	rm -rf $(PACKAGE_NAME)-$(PACKAGE_VERSION)/libmodsecurity/.git
-
 	find $(PACKAGE_NAME)-$(PACKAGE_VERSION) -print0 | xargs -0 touch -d '2022-03-13 00:00:00 UTC'
 	tar -c $(PACKAGE_NAME)-$(PACKAGE_VERSION) | xz -zT 0 - > $(PACKAGE_NAME)_$(PACKAGE_VERSION).orig.tar.xz
 	@echo Written $(PACKAGE_NAME)_$(PACKAGE_VERSION).orig.tar.xz
@@ -98,6 +87,3 @@ ModSecurity-nginx-$(NGINX_MODSECURITY_REF).tar.gz:
 
 nginx-$(NGINX_VERSION).tar.gz:
 	wget https://nginx.org/download/nginx-$(NGINX_VERSION).tar.gz
-
-libmodsecurity.git/HEAD:
-	git clone --recurse-submodules https://github.com/SpiderLabs/ModSecurity.git libmodsecurity.git
diff --git a/dev-container/install.sh b/dev-container/install.sh
@@ -6,7 +6,7 @@ export DEBIAN_FRONTEND=noninteractive
 apt update
 apt install -y devscripts gdebi-core mc sudo build-essential python \
 	ccache debhelper quilt eatmydata nano xz-utils wget git \
-	autoconf automake apache2-dev \
+	autoconf automake apache2-dev libmodsecurity-dev \
 	libpcre3-dev libxml2-dev pkg-config libyajl-dev zlib1g-dev \
 	libcurl4-openssl-dev libgeoip-dev libssl-dev
 

diff --git a/spec/changelog b/spec/changelog
@@ -1,10 +1,17 @@
+libnginx-mod-http-modsecurity (1.0.2-2-1~focal1) focal; urgency=medium
+
+  * Fix Nginx dependency specifiers.
+  * Don't statically link to libmodsecurity. Instead, dynamically link to the one provided by Ubuntu.
+
+ -- Hongli Lai <honglilai@gmail.com>  Sun, 13 Mar 2022 14:28:43 +0000
+
 libnginx-mod-http-modsecurity (1.0.2-1~focal1) focal; urgency=medium
 
   * Upgrade to Nginx 1.18.0, same as what's shipped with Ubuntu 20.04.
   * Upgrade to libmodsecurity 3.0.6.
   * Upgrade to nginx-modsecurity 1.0.2.
 
- -- Hongli Lai <honglilai@gmail.com>  Sat, 28 Apr 2018 11:14:26 +0000
+ -- Hongli Lai <honglilai@gmail.com>  Sun, 13 Mar 2022 12:15:21 +0000
 
 libnginx-mod-http-modsecurity (1.0.1-1~bionic1) bionic; urgency=medium
 

diff --git a/spec/control b/spec/control
@@ -3,16 +3,16 @@ Section: httpd
 Priority: optional
 Maintainer: Hongli Lai <hongli@phusion.nl>
 Uploaders: Hongli Lai <hongli@phusion.nl>
-Build-Depends: debhelper (>= 9), autoconf, automake, apache2-dev,
+Build-Depends: debhelper (>= 10), autoconf, automake, apache2-dev,
  libpcre3-dev, libxml2-dev, pkg-config, libyajl-dev, zlib1g-dev,
- libcurl4-openssl-dev, libgeoip-dev, libssl-dev, quilt
-Standards-Version: 3.9.8.0
+ libcurl4-openssl-dev, libgeoip-dev, libssl-dev, quilt, libmodsecurity-dev
+Standards-Version: 4.1.3
 
 Package: libnginx-mod-http-modsecurity
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends},
-  nginx-common (>= 1.14.0),
-  nginx-common (<< 1.14.1)
+  nginx-common (>= 1.18.0),
+  nginx-common (<< 1.18.1)
 Suggests: modsecurity-crs
 Description: Tighten web applications security for Nginx
  Modsecurity is an Nginx module whose purpose is to tighten the Web

diff --git a/spec/rules b/spec/rules
@@ -9,17 +9,7 @@ debian_ldflags:=$(shell dpkg-buildflags --get LDFLAGS) -fPIC
 	dh $@ --with quilt
 
 override_dh_auto_configure:
-	cd libmodsecurity && ./build.sh
-	cd libmodsecurity && ./configure --disable-shared --disable-examples \
-		CFLAGS="$(debian_cflags)" \
-		CXXFLAGS="$(debian_cflags)" \
-		LDFLAGS="$(debian_ldflags)"
-	cd libmodsecurity/others && make
-	cd libmodsecurity/src && make
 	cd nginx && \
-		env MODSECURITY_INC=../libmodsecurity/headers \
-		MODSECURITY_LIB=../libmodsecurity/src/.libs \
-		NGX_IGNORE_RPATH=YES \
 		./configure \
 			--with-cc-opt="$(debian_cflags) $$(pkg-config --cflags libxml-2.0 geoip yajl libpcre libcurl apr-1) -I$$(apxs2 -q INCLUDEDIR) -Wno-error" \
 			--with-ld-opt="$(debian_ldflags)" \