Sort out deps + Start managing Mbed TLS deps for ModSecurity

2026-05-24 09:28:37 +00:00 · 2024-09-05 09:50:23 +02:00 · 2024-09-05 09:50:23 +02:00 · ea3c57f96e
commit ea3c57f96e
parent 50645292d0
4 changed files with 63 additions and 51 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -17,6 +17,7 @@
 - [DEPS] Updated coreruleset-v4 version to v4.6.0
 - [DEPS] Updated coreruleset-v3 version to v3.3.6
 - [DEPS] Updated ModSecurity version to v3.0.13
+- [DEPS] Start managing Mbed TLS as a dependency for ModSecurity (v3.6.1)

 ## v1.5.9 - 2024/07/22

--- a/src/deps/deps.json
+++ b/src/deps/deps.json
@ -7,50 +7,6 @@
    }
  ],
  "git_repository": [
-    {
-      "id": "luajit",
-      "name": "LuaJIT v2.1-20240815",
-      "url": "https://github.com/openresty/luajit2.git",
-      "commit": "33d6b04681d2f079a6d013988a426a841c52e29e"
-    },
-    {
-      "id": "modsecurity",
-      "name": "ModSecurity v3.0.13",
-      "url": "https://github.com/owasp-modsecurity/ModSecurity.git",
-      "commit": "580fe192df1694934f93e3e008058996ea479e35",
-      "post_install": "patch --forward src/deps/src/modsecurity/configure.ac src/deps/misc/modsecurity.patch && rm -rf src/deps/src/modsecurity/others/libinjection"
-    },
-    {
-      "id": "modsecurity-nginx",
-      "name": "ModSecurity-nginx v1.0.3",
-      "url": "https://github.com/owasp-modsecurity/ModSecurity-nginx.git",
-      "commit": "d59e4ad121df702751940fd66bcc0b3ecb51a079",
-      "post_install": "patch --forward src/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_log.c src/deps/misc/modsecurity-nginx.patch && patch --forward src/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_common.h src/deps/misc/ngx_http_modsecurity_common.h.patch && patch --forward src/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_module.c src/deps/misc/ngx_http_modsecurity_module.c.patch && patch --forward src/deps/src/modsecurity-nginx/config src/deps/misc/modsecurity-nginx-config.patch"
-    },
-    {
-      "id": "nginx",
-      "name": "Nginx v1.26.2",
-      "url": "https://github.com/nginx/nginx.git",
-      "commit": "37fe98355461d2f03d73e6a8e82ac4e4cd85d711"
-    },
-    {
-      "id": "ngx_brotli",
-      "name": "Nginx Brotli v1.0.9",
-      "url": "https://github.com/google/ngx_brotli.git",
-      "commit": "6e975bcb015f62e1f303054897783355e2a877dc"
-    },
-    {
-      "id": "nginx_cookie_flag_module",
-      "name": "Nginx cookie flag module v1.1.0",
-      "url": "https://github.com/AirisX/nginx_cookie_flag_module.git",
-      "commit": "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
-    },
-    {
-      "id": "ngx_devel_kit",
-      "name": "Nginx devel kit v0.3.3",
-      "url": "https://github.com/vision5/ngx_devel_kit.git",
-      "commit": "91e30eb05085e7f9762f130cbb883a0e753cf74d"
-    },
    {
      "id": "headers-more-nginx-module",
      "name": "headers-more-nginx-module v0.34",
@ -168,6 +124,12 @@
      "url": "https://github.com/openresty/lua-resty-redis.git",
      "commit": "d7c25f1b339d79196ff67f061c547a73a920b580"
    },
+    {
+      "id": "lua-resty-redis-connector",
+      "name": "lua-resty-redis-connector v0.11.0",
+      "url": "https://github.com/ledgetech/lua-resty-redis-connector.git",
+      "commit": "02a29f93253d1f6ad392c5ac2b643c57e62b5979"
+    },
    {
      "id": "lua-resty-session",
      "name": "lua-resty-session v4.0.5",
@ -198,6 +160,12 @@
      "url": "https://github.com/openresty/lua-resty-upload.git",
      "commit": "03704aee42f7135e7782688d8a9af63a16015edc"
    },
+    {
+      "id": "luajit",
+      "name": "LuaJIT v2.1-20240815",
+      "url": "https://github.com/openresty/luajit2.git",
+      "commit": "33d6b04681d2f079a6d013988a426a841c52e29e"
+    },
    {
      "id": "luajit-geoip",
      "name": "luajit-geoip v2.1.0",
@ -223,6 +191,51 @@
      "url": "https://github.com/diegonehab/luasocket.git",
      "commit": "95b7efa9da506ef968c1347edf3fc56370f0deed"
    },
+    {
+      "id": "mbedtls",
+      "name": "Mbed TLS v3.6.1",
+      "url": "https://github.com/Mbed-TLS/mbedtls.git",
+      "commit": "71c569d44bf3a8bd53d874c81ee8ac644dd6e9e3",
+      "post_install": "rm -rf src/deps/src/mbedtls/tests src/deps/src/mbedtls/programs"
+    },
+    {
+      "id": "modsecurity",
+      "name": "ModSecurity v3.0.13",
+      "url": "https://github.com/owasp-modsecurity/ModSecurity.git",
+      "commit": "580fe192df1694934f93e3e008058996ea479e35",
+      "post_install": "patch --forward src/deps/src/modsecurity/configure.ac src/deps/misc/modsecurity.patch && rm -rf src/deps/src/modsecurity/others/libinjection src/deps/src/modsecurity/others/mbedtls"
+    },
+    {
+      "id": "modsecurity-nginx",
+      "name": "ModSecurity-nginx v1.0.3",
+      "url": "https://github.com/owasp-modsecurity/ModSecurity-nginx.git",
+      "commit": "d59e4ad121df702751940fd66bcc0b3ecb51a079",
+      "post_install": "patch --forward src/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_log.c src/deps/misc/modsecurity-nginx.patch && patch --forward src/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_common.h src/deps/misc/ngx_http_modsecurity_common.h.patch && patch --forward src/deps/src/modsecurity-nginx/src/ngx_http_modsecurity_module.c src/deps/misc/ngx_http_modsecurity_module.c.patch && patch --forward src/deps/src/modsecurity-nginx/config src/deps/misc/modsecurity-nginx-config.patch"
+    },
+    {
+      "id": "nginx",
+      "name": "Nginx v1.26.2",
+      "url": "https://github.com/nginx/nginx.git",
+      "commit": "37fe98355461d2f03d73e6a8e82ac4e4cd85d711"
+    },
+    {
+      "id": "nginx_cookie_flag_module",
+      "name": "Nginx cookie flag module v1.1.0",
+      "url": "https://github.com/AirisX/nginx_cookie_flag_module.git",
+      "commit": "4e48acf132952bbed43b28a8e6af0584dacb7b4c"
+    },
+    {
+      "id": "ngx_brotli",
+      "name": "Nginx Brotli v1.0.9",
+      "url": "https://github.com/google/ngx_brotli.git",
+      "commit": "6e975bcb015f62e1f303054897783355e2a877dc"
+    },
+    {
+      "id": "ngx_devel_kit",
+      "name": "Nginx devel kit v0.3.3",
+      "url": "https://github.com/vision5/ngx_devel_kit.git",
+      "commit": "91e30eb05085e7f9762f130cbb883a0e753cf74d"
+    },
    {
      "id": "stream-lua-nginx-module",
      "name": "stream-lua-nginx-module v0.0.15",
@ -234,12 +247,6 @@
      "name": "zlib v1.3.1",
      "url": "https://github.com/madler/zlib.git",
      "commit": "51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf"
-    },
-    {
-      "id": "lua-resty-redis-connector",
-      "name": "lua-resty-redis-connector v0.11.0",
-      "url": "https://github.com/ledgetech/lua-resty-redis-connector.git",
-      "commit": "02a29f93253d1f6ad392c5ac2b643c57e62b5979"
    }
  ]
 }
--- a/src/deps/install.sh
+++ b/src/deps/install.sh
@ -24,6 +24,7 @@ do_and_check_cmd make INSTALL_TOP=/usr/share/bunkerweb/deps install
 # Compiling and installing libmaxminddb
 echo "ℹ️ Compiling and installing libmaxminddb"
 # TODO : temp fix run it twice...
+chmod +x /tmp/bunkerweb/deps/src/libmaxminddb/bootstrap
 cd /tmp/bunkerweb/deps/src/libmaxminddb && ./bootstrap > /dev/null 2>&1
 export CHANGE_DIR="/tmp/bunkerweb/deps/src/libmaxminddb"
 do_and_check_cmd ./bootstrap
@ -34,6 +35,7 @@ do_and_check_cmd make install
 # Compiling and installing zlib
 echo "ℹ️ Compiling and installing zlib"
 export CHANGE_DIR="/tmp/bunkerweb/deps/src/zlib"
+do_and_check_cmd chmod +x "configure"
 do_and_check_cmd ./configure --prefix=/usr/share/bunkerweb/deps --libdir=/usr/share/bunkerweb/deps/lib/lua
 do_and_check_cmd make -j "$NTASK"
 do_and_check_cmd make install
@ -43,7 +45,9 @@ echo "ℹ️ Compiling and installing ModSecurity"
 # temp fix : Debian run it twice
 # TODO : patch it in clone.sh
 do_and_check_cmd mv /tmp/bunkerweb/deps/src/libinjection /tmp/bunkerweb/deps/src/modsecurity/others/libinjection
+do_and_check_cmd mv /tmp/bunkerweb/deps/src/mbedtls /tmp/bunkerweb/deps/src/modsecurity/others/mbedtls
 export CHANGE_DIR="/tmp/bunkerweb/deps/src/modsecurity"
+do_and_check_cmd chmod +x "build.sh"
 do_and_check_cmd ./build.sh
 do_and_check_cmd sh build.sh
 do_and_check_cmd ./configure --disable-dependency-tracking --disable-static --disable-examples --disable-doxygen-doc --disable-doxygen-html --disable-valgrind-memcheck --disable-valgrind-helgrind --prefix=/usr/share/bunkerweb/deps --with-maxmind=/usr/share/bunkerweb/deps
@ -209,6 +213,7 @@ do_and_check_cmd mv auto/configure ./
 echo '#!/bin/bash' > "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"
 echo "./configure $CONFARGS --add-dynamic-module=/tmp/bunkerweb/deps/src/headers-more-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/nginx_cookie_flag_module --add-dynamic-module=/tmp/bunkerweb/deps/src/lua-nginx-module --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_brotli --add-dynamic-module=/tmp/bunkerweb/deps/src/ngx_devel_kit --add-dynamic-module=/tmp/bunkerweb/deps/src/stream-lua-nginx-module" --add-dynamic-module=/tmp/bunkerweb/deps/src/modsecurity-nginx >> "/tmp/bunkerweb/deps/src/nginx/configure-fix.sh"

+do_and_check_cmd chmod +x "configure"
 do_and_check_cmd chmod +x "configure-fix.sh"
 export LUAJIT_LIB="/usr/share/bunkerweb/deps/lib -Wl,-rpath,/usr/share/bunkerweb/deps/lib"
 export LUAJIT_INC="/usr/share/bunkerweb/deps/include/luajit-2.1"
--- a/src/deps/src/modsecurity/others/mbedtls
+++ b/src/deps/src/modsecurity/others/mbedtls
@ -1 +0,0 @@
-Subproject commit 2ca6c285a0dd3f33982dd57299012dacab1ff206
				`@ -1 +0,0 @@`
				`Subproject commit 2ca6c285a0dd3f33982dd57299012dacab1ff206`