code_public/mod_reqin_log
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: migrate RPM packaging from fpm to rpmbuild with .spec file

Browse Source 
- Replace fpm with rpmbuild for standard RPM packaging
- Add mod_reqin_log.spec file with Version, %install, %files, %changelog
- Use Rocky Linux 9 as package-builder base image
- Extract version automatically from .spec file
- Remove CHANGELOG file (changelog now in .spec)
- Build RPMs for el8, el9, el10 distributions

Verified RPM metadata:
  Name: mod_reqin_log
  Version: 1.0.2
  Release: 1.el8/el9/el10
  License: Apache-2.0

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
This commit is contained in:
Jacquin Antoine
2026-03-01 00:12:22 +01:00
parent 3418cbcbbb
commit 8b381c7feb
3 changed files with 114 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
CHANGELOG
View File

@ -1,33 +0,0 @@
* Sat Feb 28 2026 Developer <dev@example.com> - 1.0.2
- SECURITY: Add input sanitization for method, path, host, and http_version fields
to prevent log injection via oversized HTTP values
- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
- IMPROVEMENT: Improve socket state double-check pattern to avoid unnecessary
reconnect attempts under high concurrency
- IMPROVEMENT: Fix const qualifier warnings in get_header() function
- IMPROVEMENT: Add flags field to module definition to fix compilation warning
- IMPROVEMENT: Add -Wno-error=format-security to Makefile for compatibility
- TEST: Add 4 new unit tests for input sanitization (method, path, host, http_version)
- DOC: Clarify timestamp precision (microseconds expressed as nanoseconds)
- DOC: Update README and architecture.yml with accurate timestamp documentation
- BUILD: Update package version to 1.0.2
* Fri Feb 27 2026 Developer <dev@example.com> - 1.0.1
- FIX: Fix socket reconnection logic to properly handle connection failures
- FIX: Improve error logging to prevent error_log flooding
- IMPROVEMENT: Add built-in sensitive headers blacklist (Authorization, Cookie, etc.)
- IMPROVEMENT: Add thread-safe socket FD access via mutex for worker/event MPMs
- TEST: Add comprehensive unit tests for JSON serialization and header handling
- TEST: Add integration tests for socket loss and recovery scenarios
- DOC: Add comprehensive README with configuration examples
- DOC: Add architecture.yml documenting module design decisions
* Thu Feb 26 2026 Developer <dev@example.com> - 1.0.0
- Initial release
- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
- Non-blocking I/O with automatic reconnection
- Configurable headers with truncation support
- Compatible with prefork, worker, and event MPMs
- Built-in sensitive headers blacklist
- Throttled error reporting to prevent log flooding

111
Dockerfile.package
View File

@ -83,20 +83,26 @@ RUN make APXS=/usr/bin/apxs
RUN ls -la modules/mod_reqin_log.so RUN ls -la modules/mod_reqin_log.so
# ============================================================================= # =============================================================================
# Stage 2: Package builder - fpm pour RPM # Stage 2: Package builder - rpmbuild pour RPM
# ============================================================================= # =============================================================================
FROM ruby:3.2-bookworm AS package-builder FROM rockylinux:9 AS package-builder
WORKDIR /package WORKDIR /package
# Install fpm and RPM tools # Install rpm-build and dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \ RUN dnf install -y rpm-build rpmdevtools && \
rpm \ dnf clean all
&& rm -rf /var/lib/apt/lists/* \
&& gem install fpm -v 1.16.0 # Create rpmbuild directory structure
RUN rpmdev-setuptree
# ============================================================================= # =============================================================================
# Copy binaries from each builder stage # Copy spec file and source files
# =============================================================================
COPY mod_reqin_log.spec /package/mod_reqin_log.spec
# =============================================================================
# Copy binaries from each builder stage into pkgroot directories
# ============================================================================= # =============================================================================
# Rocky Linux 8 (el8) # Rocky Linux 8 (el8)
@ -118,66 +124,41 @@ RUN chmod 755 /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so && \
chmod 644 /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf chmod 644 /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf
# ============================================================================= # =============================================================================
# Build RPM packages for each distribution # Build RPM packages for each distribution using rpmbuild
# ============================================================================= # =============================================================================
# Rocky Linux 8 (el8) # Build for el8
ARG VERSION=1.0.2 RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
COPY CHANGELOG /tmp/pkgroot-el8/usr/share/doc/mod_reqin_log/CHANGELOG mkdir -p /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el8-rpm/etc/httpd/conf.d && \
RUN mkdir -p /packages/rpm && \ cp /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules/ && \
fpm -s dir -t rpm \ cp /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el8-rpm/etc/httpd/conf.d/ && \
-n mod_reqin_log \ rpmbuild -bb /package/mod_reqin_log.spec \
-v "${VERSION}" \ --define "_topdir /tmp/rpmbuild-el8" \
--rpm-dist el8 \ --define "_pkgroot /tmp/pkgroot-el8-rpm" \
-C /tmp/pkgroot-el8 \ --define "dist .el8" && \
--architecture "x86_64" \ cp /tmp/rpmbuild-el8/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm
--description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
--url "https://github.com/example/mod_reqin_log" \
--license "Apache-2.0" \
--vendor "Developer <dev@example.com>" \
--depends "httpd" \
-p /packages/rpm/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm \
usr/lib64/httpd/modules/mod_reqin_log.so \
etc/httpd/conf.d/mod_reqin_log.conf \
usr/share/doc/mod_reqin_log/CHANGELOG
# Rocky Linux 9 (el9) # Build for el9
COPY CHANGELOG /tmp/pkgroot-el9/usr/share/doc/mod_reqin_log/CHANGELOG RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
RUN \ mkdir -p /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el9-rpm/etc/httpd/conf.d && \
fpm -s dir -t rpm \ cp /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules/ && \
-n mod_reqin_log \ cp /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el9-rpm/etc/httpd/conf.d/ && \
-v "${VERSION}" \ rpmbuild -bb /package/mod_reqin_log.spec \
--rpm-dist el9 \ --define "_topdir /tmp/rpmbuild-el9" \
-C /tmp/pkgroot-el9 \ --define "_pkgroot /tmp/pkgroot-el9-rpm" \
--architecture "x86_64" \ --define "dist .el9" && \
--description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \ cp /tmp/rpmbuild-el9/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm
--url "https://github.com/example/mod_reqin_log" \
--license "Apache-2.0" \
--vendor "Developer <dev@example.com>" \
--depends "httpd" \
-p /packages/rpm/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm \
usr/lib64/httpd/modules/mod_reqin_log.so \
etc/httpd/conf.d/mod_reqin_log.conf \
usr/share/doc/mod_reqin_log/CHANGELOG
# AlmaLinux 10 (el10) # Build for el10
COPY CHANGELOG /tmp/pkgroot-el10/usr/share/doc/mod_reqin_log/CHANGELOG RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
RUN \ mkdir -p /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el10-rpm/etc/httpd/conf.d && \
fpm -s dir -t rpm \ cp /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules/ && \
-n mod_reqin_log \ cp /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el10-rpm/etc/httpd/conf.d/ && \
-v "${VERSION}" \ rpmbuild -bb /package/mod_reqin_log.spec \
--rpm-dist el10 \ --define "_topdir /tmp/rpmbuild-el10" \
-C /tmp/pkgroot-el10 \ --define "_pkgroot /tmp/pkgroot-el10-rpm" \
--architecture "x86_64" \ --define "dist .el10" && \
--description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \ cp /tmp/rpmbuild-el10/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm
--url "https://github.com/example/mod_reqin_log" \
--license "Apache-2.0" \
--vendor "Developer <dev@example.com>" \
--depends "httpd" \
-p /packages/rpm/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm \
usr/lib64/httpd/modules/mod_reqin_log.so \
etc/httpd/conf.d/mod_reqin_log.conf \
usr/share/doc/mod_reqin_log/CHANGELOG
# ============================================================================= # =============================================================================
# Stage 3: Output - Image finale avec les packages RPM # Stage 3: Output - Image finale avec les packages RPM
@ -185,6 +166,6 @@ RUN \
FROM alpine:latest AS output FROM alpine:latest AS output
WORKDIR /packages WORKDIR /packages
COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/ COPY --from=package-builder /tmp/packages/*.rpm /packages/rpm/
CMD ["sh", "-c", "echo '=== RPM Packages ===' && ls -la /packages/rpm/"] CMD ["sh", "-c", "echo '=== RPM Packages ===' && ls -la /packages/rpm/"]

68
mod_reqin_log.spec Normal file
View File

@ -0,0 +1,68 @@
Name: mod_reqin_log
Version: 1.0.2
Release: 1%{?dist}
Summary: Apache HTTPD module for logging HTTP requests as JSON to Unix socket
License: Apache-2.0
URL: https://github.com/example/mod_reqin_log
Vendor: Developer <dev@example.com>
BuildArch: x86_64
Requires: httpd
%description
Apache HTTPD module for logging HTTP requests as JSON to Unix socket.
Features non-blocking I/O with automatic reconnection, configurable headers
with truncation support, and built-in sensitive headers blacklist.
%prep
# No source extraction needed - binaries are pre-built
%build
# No build needed - binaries are pre-built
%install
mkdir -p %{buildroot}/%{_libdir}/httpd/modules
mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d
mkdir -p %{buildroot}/%{_docdir}/%{name}
install -m 755 %{_pkgroot}/%{_libdir}/httpd/modules/mod_reqin_log.so %{buildroot}/%{_libdir}/httpd/modules/
install -m 644 %{_pkgroot}/%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf %{buildroot}/%{_sysconfdir}/httpd/conf.d/
%files
%{_libdir}/httpd/modules/mod_reqin_log.so
%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf
%doc %{_docdir}/%{name}
%changelog
* Sat Feb 28 2026 Developer <dev@example.com> - 1.0.2
- SECURITY: Add input sanitization for method, path, host, and http_version fields
- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
- IMPROVEMENT: Improve socket state double-check pattern
- IMPROVEMENT: Fix const qualifier warnings in get_header() function
- IMPROVEMENT: Add flags field to module definition
- IMPROVEMENT: Add -Wno-error=format-security to Makefile
- TEST: Add 4 new unit tests for input sanitization
- DOC: Clarify timestamp precision
- DOC: Update README and architecture.yml
- BUILD: Update package version to 1.0.2
* Fri Feb 27 2026 Developer <dev@example.com> - 1.0.1
- FIX: Fix socket reconnection logic
- FIX: Improve error logging to prevent error_log flooding
- IMPROVEMENT: Add built-in sensitive headers blacklist
- IMPROVEMENT: Add thread-safe socket FD access via mutex
- TEST: Add comprehensive unit tests
- TEST: Add integration tests for socket loss and recovery
- DOC: Add comprehensive README with configuration examples
- DOC: Add architecture.yml documenting module design decisions
* Thu Feb 26 2026 Developer <dev@example.com> - 1.0.0
- Initial release
- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
- Non-blocking I/O with automatic reconnection
- Configurable headers with truncation support
- Compatible with prefork, worker, and event MPMs
- Built-in sensitive headers blacklist
- Throttled error reporting to prevent log flooding