From 8b381c7febc462d330b49801b3f694ac1ca32fc0 Mon Sep 17 00:00:00 2001 From: Jacquin Antoine Date: Sun, 1 Mar 2026 00:12:22 +0100 Subject: [PATCH] build: migrate RPM packaging from fpm to rpmbuild with .spec file - Replace fpm with rpmbuild for standard RPM packaging - Add mod_reqin_log.spec file with Version, %install, %files, %changelog - Use Rocky Linux 9 as package-builder base image - Extract version automatically from .spec file - Remove CHANGELOG file (changelog now in .spec) - Build RPMs for el8, el9, el10 distributions Verified RPM metadata: Name: mod_reqin_log Version: 1.0.2 Release: 1.el8/el9/el10 License: Apache-2.0 Co-authored-by: Qwen-Coder --- CHANGELOG | 33 -------------- Dockerfile.package | 111 +++++++++++++++++++-------------------------- mod_reqin_log.spec | 68 +++++++++++++++++++++++++++ 3 files changed, 114 insertions(+), 98 deletions(-) delete mode 100644 CHANGELOG create mode 100644 mod_reqin_log.spec diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index 411f3e6..0000000 --- a/CHANGELOG +++ /dev/null 
@@ -1,33 +0,0 @@
-* Sat Feb 28 2026 Developer - 1.0.2
-- SECURITY: Add input sanitization for method, path, host, and http_version fields
- to prevent log injection via oversized HTTP values
-- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
-- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
-- IMPROVEMENT: Improve socket state double-check pattern to avoid unnecessary
- reconnect attempts under high concurrency
-- IMPROVEMENT: Fix const qualifier warnings in get_header() function
-- IMPROVEMENT: Add flags field to module definition to fix compilation warning
-- IMPROVEMENT: Add -Wno-error=format-security to Makefile for compatibility
-- TEST: Add 4 new unit tests for input sanitization (method, path, host, http_version)
-- DOC: Clarify timestamp precision (microseconds expressed as nanoseconds)
-- DOC: Update README and architecture.yml with accurate timestamp documentation
-- BUILD: Update package version to 1.0.2
-
-* Fri Feb 27 2026 Developer - 1.0.1
-- FIX: Fix socket reconnection logic to properly handle connection failures
-- FIX: Improve error logging to prevent error_log flooding
-- IMPROVEMENT: Add built-in sensitive headers blacklist (Authorization, Cookie, etc.)
-- IMPROVEMENT: Add thread-safe socket FD access via mutex for worker/event MPMs
-- TEST: Add comprehensive unit tests for JSON serialization and header handling
-- TEST: Add integration tests for socket loss and recovery scenarios
-- DOC: Add comprehensive README with configuration examples
-- DOC: Add architecture.yml documenting module design decisions
-
-* Thu Feb 26 2026 Developer - 1.0.0
-- Initial release
-- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
-- Non-blocking I/O with automatic reconnection
-- Configurable headers with truncation support
-- Compatible with prefork, worker, and event MPMs
-- Built-in sensitive headers blacklist
-- Throttled error reporting to prevent log flooding
diff --git a/Dockerfile.package b/Dockerfile.package index 403d4ea..8e806f9 100644 --- a/Dockerfile.package +++ b/Dockerfile.package @@ -83,20 +83,26 @@ RUN make APXS=/usr/bin/apxs RUN ls -la modules/mod_reqin_log.so # ============================================================================= -# Stage 2: Package builder - fpm pour RPM +# Stage 2: Package builder - rpmbuild pour RPM # ============================================================================= -FROM ruby:3.2-bookworm AS package-builder +FROM rockylinux:9 AS package-builder WORKDIR /package -# Install fpm and RPM tools -RUN apt-get update && apt-get install -y --no-install-recommends \ - rpm \ - && rm -rf /var/lib/apt/lists/* \ - && gem install fpm -v 1.16.0 +# Install rpm-build and dependencies +RUN dnf install -y rpm-build rpmdevtools && \ + dnf clean all + +# Create rpmbuild directory structure +RUN rpmdev-setuptree # ============================================================================= -# Copy binaries from each builder stage +# Copy spec file and source files +# ============================================================================= +COPY mod_reqin_log.spec /package/mod_reqin_log.spec + +# ============================================================================= +# Copy binaries from each builder stage into pkgroot directories # ============================================================================= # Rocky Linux 8 (el8) 
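Review bot: `FROM rockylinux:9 AS package-builder` pulls a floating tag, and `dnf install -y rpm-build rpmdevtools` takes whatever versions the mirrors serve, so the toolchain that produces the el8/el9/el10 RPMs can change between builds without any change in this repository. Pinning the base by digest, e.g. `FROM rockylinux:9@sha256:<digest-placeholder> AS package-builder`, makes the builder reproducible and lets a base-image change show up in review. Separately, `RUN rpmdev-setuptree` creates a build tree under the build user's home directory, while the rpmbuild steps later in this file pass their own `_topdir`, so that tree appears unused and the layer could be dropped.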
@@ -118,66 +124,41 @@ RUN chmod 755 /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so && \ chmod 644 /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf # ============================================================================= -# Build RPM packages for each distribution +# Build RPM packages for each distribution using rpmbuild # ============================================================================= -# Rocky Linux 8 (el8) -ARG VERSION=1.0.2 -COPY CHANGELOG /tmp/pkgroot-el8/usr/share/doc/mod_reqin_log/CHANGELOG -RUN mkdir -p /packages/rpm && \ - fpm -s dir -t rpm \ - -n mod_reqin_log \ - -v "${VERSION}" \ - --rpm-dist el8 \ - -C /tmp/pkgroot-el8 \ - --architecture "x86_64" \ - --description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \ - --url "https://github.com/example/mod_reqin_log" \ - --license "Apache-2.0" \ - --vendor "Developer " \ - --depends "httpd" \ - -p /packages/rpm/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm \ - usr/lib64/httpd/modules/mod_reqin_log.so \ - etc/httpd/conf.d/mod_reqin_log.conf \ - usr/share/doc/mod_reqin_log/CHANGELOG +# Build for el8 +RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \ + mkdir -p /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el8-rpm/etc/httpd/conf.d && \ + cp /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules/ && \ + cp /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el8-rpm/etc/httpd/conf.d/ && \ + rpmbuild -bb /package/mod_reqin_log.spec \ + --define "_topdir /tmp/rpmbuild-el8" \ + --define "_pkgroot /tmp/pkgroot-el8-rpm" \ + --define "dist .el8" && \ + cp /tmp/rpmbuild-el8/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm -# Rocky Linux 9 (el9) -COPY CHANGELOG /tmp/pkgroot-el9/usr/share/doc/mod_reqin_log/CHANGELOG -RUN \ - fpm -s dir -t rpm \ - -n mod_reqin_log \ - -v "${VERSION}" \ - --rpm-dist el9 \ - -C /tmp/pkgroot-el9 \ - 
--architecture "x86_64" \ - --description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \ - --url "https://github.com/example/mod_reqin_log" \ - --license "Apache-2.0" \ - --vendor "Developer " \ - --depends "httpd" \ - -p /packages/rpm/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm \ - usr/lib64/httpd/modules/mod_reqin_log.so \ - etc/httpd/conf.d/mod_reqin_log.conf \ - usr/share/doc/mod_reqin_log/CHANGELOG +# Build for el9 +RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \ + mkdir -p /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el9-rpm/etc/httpd/conf.d && \ + cp /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules/ && \ + cp /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el9-rpm/etc/httpd/conf.d/ && \ + rpmbuild -bb /package/mod_reqin_log.spec \ + --define "_topdir /tmp/rpmbuild-el9" \ + --define "_pkgroot /tmp/pkgroot-el9-rpm" \ + --define "dist .el9" && \ + cp /tmp/rpmbuild-el9/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm -# AlmaLinux 10 (el10) -COPY CHANGELOG /tmp/pkgroot-el10/usr/share/doc/mod_reqin_log/CHANGELOG -RUN \ - fpm -s dir -t rpm \ - -n mod_reqin_log \ - -v "${VERSION}" \ - --rpm-dist el10 \ - -C /tmp/pkgroot-el10 \ - --architecture "x86_64" \ - --description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \ - --url "https://github.com/example/mod_reqin_log" \ - --license "Apache-2.0" \ - --vendor "Developer " \ - --depends "httpd" \ - -p /packages/rpm/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm \ - usr/lib64/httpd/modules/mod_reqin_log.so \ - etc/httpd/conf.d/mod_reqin_log.conf \ - usr/share/doc/mod_reqin_log/CHANGELOG +# Build for el10 +RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \ + mkdir -p /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el10-rpm/etc/httpd/conf.d && \ + cp 
/tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules/ && \ + cp /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el10-rpm/etc/httpd/conf.d/ && \ + rpmbuild -bb /package/mod_reqin_log.spec \ + --define "_topdir /tmp/rpmbuild-el10" \ + --define "_pkgroot /tmp/pkgroot-el10-rpm" \ + --define "dist .el10" && \ + cp /tmp/rpmbuild-el10/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm # ============================================================================= # Stage 3: Output - Image finale avec les packages RPM @@ -185,6 +166,6 @@ RUN \ FROM alpine:latest AS output WORKDIR /packages -COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/ +COPY --from=package-builder /tmp/packages/*.rpm /packages/rpm/ CMD ["sh", "-c", "echo '=== RPM Packages ===' && ls -la /packages/rpm/"] diff --git a/mod_reqin_log.spec b/mod_reqin_log.spec new file mode 100644 index 0000000..7adeeb8 --- /dev/null +++ b/mod_reqin_log.spec 
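Review bot: The three `Build for elN` steps in Dockerfile.package copy their result into `/tmp/packages/`, but the `mkdir -p /packages/rpm` that this patch removes has no replacement in the visible lines, so unless that directory is created outside these hunks the first `cp` fails; adding `mkdir -p /tmp/packages` to the el8 step covers it. The artifact name is also asserted rather than checked: `VERSION` comes from a `grep | awk` pipeline whose failure goes unnoticed without pipefail, and `*.rpm` is copied onto a single file name, which breaks if rpmbuild emits more than one package (a debuginfo subpackage is plausible for a prebuilt `.so`). A guard such as `test -n "$VERSION"` right after the assignment, together with copying the exact file rpmbuild is expected to write, would make a mismatch fail the build instead of producing a misnamed RPM.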
@@ -0,0 +1,68 @@
+Name: mod_reqin_log
+Version: 1.0.2
+Release: 1%{?dist}
+Summary: Apache HTTPD module for logging HTTP requests as JSON to Unix socket
+
+License: Apache-2.0
+URL: https://github.com/example/mod_reqin_log
+Vendor: Developer
+BuildArch: x86_64
+
+Requires: httpd
+
+%description
+Apache HTTPD module for logging HTTP requests as JSON to Unix socket.
+Features non-blocking I/O with automatic reconnection, configurable headers
+with truncation support, and built-in sensitive headers blacklist.
+
+%prep
+# No source extraction needed - binaries are pre-built
+
+%build
+# No build needed - binaries are pre-built
+
+%install
+mkdir -p %{buildroot}/%{_libdir}/httpd/modules
+mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d
+mkdir -p %{buildroot}/%{_docdir}/%{name}
+
+install -m 755 %{_pkgroot}/%{_libdir}/httpd/modules/mod_reqin_log.so %{buildroot}/%{_libdir}/httpd/modules/
+install -m 644 %{_pkgroot}/%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf %{buildroot}/%{_sysconfdir}/httpd/conf.d/
+
+%files
+%{_libdir}/httpd/modules/mod_reqin_log.so
+%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf
+%doc %{_docdir}/%{name}
+
+%changelog
+* Sat Feb 28 2026 Developer - 1.0.2
+- SECURITY: Add input sanitization for method, path, host, and http_version fields
+- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
+- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
+- IMPROVEMENT: Improve socket state double-check pattern
+- IMPROVEMENT: Fix const qualifier warnings in get_header() function
+- IMPROVEMENT: Add flags field to module definition
+- IMPROVEMENT: Add -Wno-error=format-security to Makefile
+- TEST: Add 4 new unit tests for input sanitization
+- DOC: Clarify timestamp precision
+- DOC: Update README and architecture.yml
+- BUILD: Update package version to 1.0.2
+
+* Fri Feb 27 2026 Developer - 1.0.1
+- FIX: Fix socket reconnection logic
+- FIX: Improve error logging to prevent error_log flooding
+- IMPROVEMENT: Add built-in sensitive headers blacklist
+- IMPROVEMENT: Add thread-safe socket FD access via mutex
+- TEST: Add comprehensive unit tests
+- TEST: Add integration tests for socket loss and recovery
+- DOC: Add comprehensive README with configuration examples
+- DOC: Add architecture.yml documenting module design decisions
+
+* Thu Feb 26 2026 Developer - 1.0.0
+- Initial release
+- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
+- Non-blocking I/O with automatic reconnection
+- Configurable headers with truncation support
+- Compatible with prefork, worker, and event MPMs
+- Built-in sensitive headers blacklist
+- Throttled error reporting to prevent log flooding
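Review bot: In `%files`, `%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf` is listed as an ordinary file, so a package upgrade replaces an administrator's edited configuration with the packaged default. Marking it `%config(noreplace) %{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf` keeps local settings across upgrades. `%doc %{_docdir}/%{name}` packages a directory that `%install` creates but never populates, so the changelog file the removed fpm build shipped is no longer installed; either drop the entry or install a document there. `Requires: httpd` does not tie the module to the httpd ABI it was compiled against; if the builder stages can supply the value, a dependency on the matching `httpd-mmn` would be safer now that one spec serves el8, el9 and el10.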