build: migrate RPM packaging from fpm to rpmbuild with .spec file

- Replace fpm with rpmbuild for standard RPM packaging - Add mod_reqin_log.spec file with Version, %install, %files, %changelog - Use Rocky Linux 9 as package-builder base image - Extract version automatically from .spec file - Remove CHANGELOG file (changelog now in .spec) - Build RPMs for el8, el9, el10 distributions Verified RPM metadata: Name: mod_reqin_log Version: 1.0.2 Release: 1.el8/el9/el10 License: Apache-2.0 Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-01 00:12:22 +01:00
parent 3418cbcbbb
commit 8b381c7feb
3 changed files with 114 additions and 98 deletions
--- a/33
+++ b/33
@ -1,33 +0,0 @@
-* Sat Feb 28 2026 Developer <dev@example.com> - 1.0.2
- SECURITY: Add input sanitization for method, path, host, and http_version fields
-  to prevent log injection via oversized HTTP values
- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
- IMPROVEMENT: Improve socket state double-check pattern to avoid unnecessary
-  reconnect attempts under high concurrency
- IMPROVEMENT: Fix const qualifier warnings in get_header() function
- IMPROVEMENT: Add flags field to module definition to fix compilation warning
- IMPROVEMENT: Add -Wno-error=format-security to Makefile for compatibility
- TEST: Add 4 new unit tests for input sanitization (method, path, host, http_version)
- DOC: Clarify timestamp precision (microseconds expressed as nanoseconds)
- DOC: Update README and architecture.yml with accurate timestamp documentation
- BUILD: Update package version to 1.0.2
-
-* Fri Feb 27 2026 Developer <dev@example.com> - 1.0.1
- FIX: Fix socket reconnection logic to properly handle connection failures
- FIX: Improve error logging to prevent error_log flooding
- IMPROVEMENT: Add built-in sensitive headers blacklist (Authorization, Cookie, etc.)
- IMPROVEMENT: Add thread-safe socket FD access via mutex for worker/event MPMs
- TEST: Add comprehensive unit tests for JSON serialization and header handling
- TEST: Add integration tests for socket loss and recovery scenarios
- DOC: Add comprehensive README with configuration examples
- DOC: Add architecture.yml documenting module design decisions
-
-* Thu Feb 26 2026 Developer <dev@example.com> - 1.0.0
- Initial release
- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
- Non-blocking I/O with automatic reconnection
- Configurable headers with truncation support
- Compatible with prefork, worker, and event MPMs
- Built-in sensitive headers blacklist
- Throttled error reporting to prevent log flooding
--- a/Dockerfile.package
+++ b/Dockerfile.package
@ -83,20 +83,26 @@ RUN make APXS=/usr/bin/apxs
 RUN ls -la modules/mod_reqin_log.so

 # =============================================================================
-# Stage 2: Package builder - fpm pour RPM
+# Stage 2: Package builder - rpmbuild pour RPM
 # =============================================================================
-FROM ruby:3.2-bookworm AS package-builder
+FROM rockylinux:9 AS package-builder

 WORKDIR /package

-# Install fpm and RPM tools
-RUN apt-get update && apt-get install -y --no-install-recommends \
-    rpm \
-    && rm -rf /var/lib/apt/lists/* \
-    && gem install fpm -v 1.16.0
+# Install rpm-build and dependencies
+RUN dnf install -y rpm-build rpmdevtools && \
+    dnf clean all
+
+# Create rpmbuild directory structure
+RUN rpmdev-setuptree

 # =============================================================================
-# Copy binaries from each builder stage
+# Copy spec file and source files
+# =============================================================================
+COPY mod_reqin_log.spec /package/mod_reqin_log.spec
+
+# =============================================================================
+# Copy binaries from each builder stage into pkgroot directories
 # =============================================================================

 # Rocky Linux 8 (el8)
@ -118,66 +124,41 @@ RUN chmod 755 /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so && \
    chmod 644 /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf

 # =============================================================================
-# Build RPM packages for each distribution
+# Build RPM packages for each distribution using rpmbuild
 # =============================================================================

-# Rocky Linux 8 (el8)
-ARG VERSION=1.0.2
-COPY CHANGELOG /tmp/pkgroot-el8/usr/share/doc/mod_reqin_log/CHANGELOG
-RUN mkdir -p /packages/rpm && \
-    fpm -s dir -t rpm \
-    -n mod_reqin_log \
-    -v "${VERSION}" \
-    --rpm-dist el8 \
-    -C /tmp/pkgroot-el8 \
-    --architecture "x86_64" \
-    --description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
-    --url "https://github.com/example/mod_reqin_log" \
-    --license "Apache-2.0" \
-    --vendor "Developer <dev@example.com>" \
-    --depends "httpd" \
-    -p /packages/rpm/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm \
-    usr/lib64/httpd/modules/mod_reqin_log.so \
-    etc/httpd/conf.d/mod_reqin_log.conf \
-    usr/share/doc/mod_reqin_log/CHANGELOG
+# Build for el8
+RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
+    mkdir -p /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el8-rpm/etc/httpd/conf.d && \
+    cp /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el8-rpm/usr/lib64/httpd/modules/ && \
+    cp /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el8-rpm/etc/httpd/conf.d/ && \
+    rpmbuild -bb /package/mod_reqin_log.spec \
+        --define "_topdir /tmp/rpmbuild-el8" \
+        --define "_pkgroot /tmp/pkgroot-el8-rpm" \
+        --define "dist .el8" && \
+    cp /tmp/rpmbuild-el8/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm

-# Rocky Linux 9 (el9)
-COPY CHANGELOG /tmp/pkgroot-el9/usr/share/doc/mod_reqin_log/CHANGELOG
-RUN \
-    fpm -s dir -t rpm \
-    -n mod_reqin_log \
-    -v "${VERSION}" \
-    --rpm-dist el9 \
-    -C /tmp/pkgroot-el9 \
-    --architecture "x86_64" \
-    --description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
-    --url "https://github.com/example/mod_reqin_log" \
-    --license "Apache-2.0" \
-    --vendor "Developer <dev@example.com>" \
-    --depends "httpd" \
-    -p /packages/rpm/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm \
-    usr/lib64/httpd/modules/mod_reqin_log.so \
-    etc/httpd/conf.d/mod_reqin_log.conf \
-    usr/share/doc/mod_reqin_log/CHANGELOG
+# Build for el9
+RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
+    mkdir -p /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el9-rpm/etc/httpd/conf.d && \
+    cp /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el9-rpm/usr/lib64/httpd/modules/ && \
+    cp /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el9-rpm/etc/httpd/conf.d/ && \
+    rpmbuild -bb /package/mod_reqin_log.spec \
+        --define "_topdir /tmp/rpmbuild-el9" \
+        --define "_pkgroot /tmp/pkgroot-el9-rpm" \
+        --define "dist .el9" && \
+    cp /tmp/rpmbuild-el9/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm

-# AlmaLinux 10 (el10)
-COPY CHANGELOG /tmp/pkgroot-el10/usr/share/doc/mod_reqin_log/CHANGELOG
-RUN \
-    fpm -s dir -t rpm \
-    -n mod_reqin_log \
-    -v "${VERSION}" \
-    --rpm-dist el10 \
-    -C /tmp/pkgroot-el10 \
-    --architecture "x86_64" \
-    --description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
-    --url "https://github.com/example/mod_reqin_log" \
-    --license "Apache-2.0" \
-    --vendor "Developer <dev@example.com>" \
-    --depends "httpd" \
-    -p /packages/rpm/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm \
-    usr/lib64/httpd/modules/mod_reqin_log.so \
-    etc/httpd/conf.d/mod_reqin_log.conf \
-    usr/share/doc/mod_reqin_log/CHANGELOG
+# Build for el10
+RUN VERSION=$(grep "^Version:" /package/mod_reqin_log.spec | awk '{print $2}') && \
+    mkdir -p /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules /tmp/pkgroot-el10-rpm/etc/httpd/conf.d && \
+    cp /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so /tmp/pkgroot-el10-rpm/usr/lib64/httpd/modules/ && \
+    cp /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf /tmp/pkgroot-el10-rpm/etc/httpd/conf.d/ && \
+    rpmbuild -bb /package/mod_reqin_log.spec \
+        --define "_topdir /tmp/rpmbuild-el10" \
+        --define "_pkgroot /tmp/pkgroot-el10-rpm" \
+        --define "dist .el10" && \
+    cp /tmp/rpmbuild-el10/RPMS/x86_64/*.rpm /tmp/packages/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm

 # =============================================================================
 # Stage 3: Output - Image finale avec les packages RPM
@ -185,6 +166,6 @@ RUN \
 FROM alpine:latest AS output

 WORKDIR /packages
-COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/
+COPY --from=package-builder /tmp/packages/*.rpm /packages/rpm/

 CMD ["sh", "-c", "echo '=== RPM Packages ===' && ls -la /packages/rpm/"]
--- a/mod_reqin_log.spec
+++ b/mod_reqin_log.spec
@ -0,0 +1,68 @@
+Name:           mod_reqin_log
+Version:        1.0.2
+Release:        1%{?dist}
+Summary:        Apache HTTPD module for logging HTTP requests as JSON to Unix socket
+
+License:        Apache-2.0
+URL:            https://github.com/example/mod_reqin_log
+Vendor:         Developer <dev@example.com>
+BuildArch:      x86_64
+
+Requires:       httpd
+
+%description
+Apache HTTPD module for logging HTTP requests as JSON to Unix socket.
+Features non-blocking I/O with automatic reconnection, configurable headers
+with truncation support, and built-in sensitive headers blacklist.
+
+%prep
+# No source extraction needed - binaries are pre-built
+
+%build
+# No build needed - binaries are pre-built
+
+%install
+mkdir -p %{buildroot}/%{_libdir}/httpd/modules
+mkdir -p %{buildroot}/%{_sysconfdir}/httpd/conf.d
+mkdir -p %{buildroot}/%{_docdir}/%{name}
+
+install -m 755 %{_pkgroot}/%{_libdir}/httpd/modules/mod_reqin_log.so %{buildroot}/%{_libdir}/httpd/modules/
+install -m 644 %{_pkgroot}/%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf %{buildroot}/%{_sysconfdir}/httpd/conf.d/
+
+%files
+%{_libdir}/httpd/modules/mod_reqin_log.so
+%{_sysconfdir}/httpd/conf.d/mod_reqin_log.conf
+%doc %{_docdir}/%{name}
+
+%changelog
+* Sat Feb 28 2026 Developer <dev@example.com> - 1.0.2
+- SECURITY: Add input sanitization for method, path, host, and http_version fields
+- SECURITY: Add Host header truncation (256 chars max) to prevent log injection
+- IMPROVEMENT: Add LOG_THROTTLED macro for consistent error reporting
+- IMPROVEMENT: Improve socket state double-check pattern
+- IMPROVEMENT: Fix const qualifier warnings in get_header() function
+- IMPROVEMENT: Add flags field to module definition
+- IMPROVEMENT: Add -Wno-error=format-security to Makefile
+- TEST: Add 4 new unit tests for input sanitization
+- DOC: Clarify timestamp precision
+- DOC: Update README and architecture.yml
+- BUILD: Update package version to 1.0.2
+
+* Fri Feb 27 2026 Developer <dev@example.com> - 1.0.1
+- FIX: Fix socket reconnection logic
+- FIX: Improve error logging to prevent error_log flooding
+- IMPROVEMENT: Add built-in sensitive headers blacklist
+- IMPROVEMENT: Add thread-safe socket FD access via mutex
+- TEST: Add comprehensive unit tests
+- TEST: Add integration tests for socket loss and recovery
+- DOC: Add comprehensive README with configuration examples
+- DOC: Add architecture.yml documenting module design decisions
+
+* Thu Feb 26 2026 Developer <dev@example.com> - 1.0.0
+- Initial release
+- Apache HTTPD 2.4 module for logging HTTP requests as JSON to Unix socket
+- Non-blocking I/O with automatic reconnection
+- Configurable headers with truncation support
+- Compatible with prefork, worker, and event MPMs
+- Built-in sensitive headers blacklist
+- Throttled error reporting to prevent log flooding