Build and release binaries on GitHub #171

Closed
soufianebenali opened this issue Nov 28, 2019 · 9 comments
@soufianebenali

We are refactoring the modsecurity-docker repository. Doing this, we saw that the ModSecurity-nginx binary and its dependencies are built in the Dockerfile from source.

The installation process is rather complex and the result is risky ("unknown" if you prefer) as it's an untested setup. We would prefer to have this simpler and install an installation package for a target platform, for some obvious reasons:

  • Building, testing and attaching a version number should be part of the release process of the software, not the build process of a Docker image.
  • ModSecurity binaries we ship with an image should be available also separately, outside of the Docker image.
  • If there are any dependencies they should be covered by the software's build process to make installation easy on and independent from installation processes of ModSecurity's target platforms.

Are you planning on releasing ModSecurity-nginx packages here on GitHub? Is there anything that we can help you with getting that realized?

@zimmerle
Contributor

Hi @soufianebenali,

The packages for ModSecurity are distribution (and platform) dependent; we trust the distributions to keep the packages up to date. Maybe it is the case to install the distribution package in the Docker image.

@zimmerle zimmerle self-assigned this Nov 28, 2019
@soufianebenali
Author

Hi @zimmerle,

Thank you for clarifying. Can you please link to the packages for debian and alpine?

@zimmerle
Contributor

debian -
https://packages.debian.org/search?keywords=modsecurity&searchon=names&suite=stable&section=all

I am not sure where the correct source for Alpine Linux is; the best place to ask is the Alpine community itself.

@bittner
bittner commented Dec 10, 2019

Could you suggest how to integrate the pre-built packages (on Debian for now) with Nginx?

As of coreruleset/modsecurity-docker#33, we're starting with ModSecurity v2 + Nginx. As this is not (yet) available as a Debian package we try to build it (and are facing an "undefined symbol" error). Any hint on how to fix this would be appreciated! 🙏

Having binaries to simply install would be even better. We're looking forward to it---and are ready to get our hands dirty.

Motivation

In the long run, we want to make sure pre-built packages of ModSecurity v2 and v3 are available for Debian and Alpine, so we can

  • build the related Docker images for all combinations of
  • ModSecurity { v2, v3 } + { Apache, Nginx } on { Debian, Alpine }

without having to build binaries on the fly. This is to

  • provide stable Docker base images that can be
  • combined with stable versions of the CRS, and
  • can be used for running the ModSecurity CRS test suite to
  • support the CRS community in their efforts of maintaining and developing rules.

Any help on coreruleset/modsecurity-docker#33 is highly appreciated!

@zimmerle
Contributor

Hi @bittner,

I understand the importance of binary packages. But the package generation is really up to the distribution and its policy. Something that you can do, however, is to generate a package and put it in a private repository. During the Docker bootstrap, you could add your repo and later install ModSecurity from it.
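
Added example, not part of the thread or of either project: one way the private-repository approach suggested above could look in a Debian-based Dockerfile, with the repository's signing key scoped to that one source and pinning so that only the ModSecurity package can come from it. The host `repo.example.internal`, the key file `modsecurity-repo.gpg` and the assumption that the private repository publishes the package under Debian's name `libmodsecurity3` are placeholders.

```dockerfile
# Assumptions (placeholders, not from the thread):
#   repo.example.internal  - host of the private APT repository
#   modsecurity-repo.gpg   - its public signing key, dearmored, in the build context
#   libmodsecurity3        - package name the private repository publishes
FROM debian:buster-slim

# Keep the key outside /etc/apt/trusted.gpg.d so it is NOT trusted for every source.
COPY modsecurity-repo.gpg /usr/share/keyrings/modsecurity-repo.gpg

# 1. ca-certificates is needed before an https:// source can be fetched.
# 2. signed-by ties the key to this single source: metadata from the private
#    repository must verify against it, and the key cannot vouch for Debian mirrors.
# 3. The preferences file blocks every package from the private origin (-1)
#    except the one that is expected from it (1001).
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends ca-certificates; \
    echo "deb [signed-by=/usr/share/keyrings/modsecurity-repo.gpg] https://repo.example.internal/debian buster main" \
        > /etc/apt/sources.list.d/modsecurity.list; \
    printf '%s\n' \
        'Package: *' \
        'Pin: origin repo.example.internal' \
        'Pin-Priority: -1' \
        '' \
        'Package: libmodsecurity3' \
        'Pin: origin repo.example.internal' \
        'Pin-Priority: 1001' \
        > /etc/apt/preferences.d/modsecurity; \
    apt-get update; \
    apt-get install -y --no-install-recommends libmodsecurity3; \
    rm -rf /var/lib/apt/lists/*
```

Running `apt-cache policy libmodsecurity3` in the resulting image shows which origin the installed version came from.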

@bittner
bittner commented Dec 13, 2019

Okay, fine.

A technical question: Is it possible with ModSecurity v2 to create a dynamic module for use with Nginx? (see coreruleset/modsecurity-docker#33)

@zimmerle
Contributor

@bittner it is not a good idea to use v2 with nginx at all. There are several issues within v2 + nginx. Please use v3 instead.

@bittner
bittner commented Dec 13, 2019

Which type of issues? Can you explain this a bit more in detail?

Would you mind commenting on coreruleset/modsecurity-docker#33 directly? I'd like the entire community to know.

@zimmerle
Contributor

Hi @bittner,

All the issues regarding ModSecurity are registered here on GitHub. As an example of some issues that v3 came to fix, you can check the label - TBF by libmosecurity

Hope I have answered your question.
