release: version 1.0.2 - Audit security fixes and RPM packaging

Security hardening: - Add input sanitization for method (32), path (2048), host (256), http_version (16) - Prevent log injection via oversized HTTP values - Add LOG_THROTTLED macro for consistent error reporting - Improve socket state double-check pattern to avoid unnecessary reconnects Code quality: - Fix const qualifier warnings in get_header() - Add flags field to module definition - Add -Wno-error=format-security for compatibility Documentation: - Clarify timestamp precision (microseconds expressed as nanoseconds) - Update README and architecture.yml Testing: - Add 4 unit tests for input sanitization - All 78 tests passing Packaging: - Remove DEB package support (RPM only: el8, el9, el10) - Add CHANGELOG file included in RPM packages - Bump version to 1.0.2 Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 21:45:06 +01:00
parent d0ca0a7e4c
commit c2e1221e5a
8 changed files with 223 additions and 140 deletions
--- a/Dockerfile.package
+++ b/Dockerfile.package
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 # =============================================================================
-# mod_reqin_log - Dockerfile de packaging unifié (DEB + RPM avec fpm)
+# mod_reqin_log - Dockerfile de packaging RPM
 # Builds RPMs for multiple RHEL-compatible versions:
 #   - Rocky Linux 8 (el8) - RHEL 8 compatible
 #   - Rocky Linux 9 (el9) - RHEL 9 compatible
@ -83,19 +83,15 @@ RUN make APXS=/usr/bin/apxs
 RUN ls -la modules/mod_reqin_log.so

 # =============================================================================
-# Stage 2: Package builder - fpm pour DEB et RPM
+# Stage 2: Package builder - fpm pour RPM
 # =============================================================================
 FROM ruby:3.2-bookworm AS package-builder

 WORKDIR /package

-# Install fpm and Apache dev packages
+# Install fpm and RPM tools
 RUN apt-get update && apt-get install -y --no-install-recommends \
    rpm \
-    dpkg-dev \
-    fakeroot \
-    apache2-dev \
-    apache2 \
    && rm -rf /var/lib/apt/lists/* \
    && gem install fpm -v 1.16.0

@ -121,37 +117,13 @@ COPY --from=builder-el10 /build/conf/mod_reqin_log.conf /tmp/pkgroot-el10/etc/ht
 RUN chmod 755 /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so && \
    chmod 644 /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf

-# DEB package (Debian paths)
-COPY --from=builder-el10 /build/modules/mod_reqin_log.so /tmp/pkgroot-deb/usr/lib/apache2/modules/mod_reqin_log.so
-COPY --from=builder-el10 /build/conf/mod_reqin_log.conf /tmp/pkgroot-deb/etc/apache2/conf-available/mod_reqin_log.conf
-RUN chmod 755 /tmp/pkgroot-deb/usr/lib/apache2/modules/mod_reqin_log.so && \
-    chmod 644 /tmp/pkgroot-deb/etc/apache2/conf-available/mod_reqin_log.conf
-
-# Build DEB package (for Debian/Ubuntu)
-ARG VERSION=1.0.0
-ARG ARCH=amd64
-RUN mkdir -p /packages/deb && \
-    fpm -s dir -t deb \
-    -n libapache2-mod-reqin-log \
-    -v "${VERSION}" \
-    -C /tmp/pkgroot-deb \
-    --architecture "${ARCH}" \
-    --description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
-    --url "https://github.com/example/mod_reqin_log" \
-    --license "Apache-2.0" \
-    --vendor "Developer <dev@example.com>" \
-    --maintainer "Developer <dev@example.com>" \
-    --depends "apache2" \
-    -p /packages/deb/libapache2-mod-reqin-log_${VERSION}_${ARCH}.deb \
-    usr/lib/apache2/modules/mod_reqin_log.so \
-    etc/apache2/conf-available/mod_reqin_log.conf
-
 # =============================================================================
 # Build RPM packages for each distribution
 # =============================================================================

 # Rocky Linux 8 (el8)
-ARG VERSION=1.0.0
+ARG VERSION=1.0.2
+COPY CHANGELOG /tmp/pkgroot-el8/usr/share/doc/mod_reqin_log/CHANGELOG
 RUN mkdir -p /packages/rpm && \
    fpm -s dir -t rpm \
    -n mod_reqin_log \
@ -166,9 +138,11 @@ RUN mkdir -p /packages/rpm && \
    --depends "httpd" \
    -p /packages/rpm/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm \
    usr/lib64/httpd/modules/mod_reqin_log.so \
-    etc/httpd/conf.d/mod_reqin_log.conf
+    etc/httpd/conf.d/mod_reqin_log.conf \
+    usr/share/doc/mod_reqin_log/CHANGELOG

 # Rocky Linux 9 (el9)
+COPY CHANGELOG /tmp/pkgroot-el9/usr/share/doc/mod_reqin_log/CHANGELOG
 RUN \
    fpm -s dir -t rpm \
    -n mod_reqin_log \
@ -183,9 +157,11 @@ RUN \
    --depends "httpd" \
    -p /packages/rpm/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm \
    usr/lib64/httpd/modules/mod_reqin_log.so \
-    etc/httpd/conf.d/mod_reqin_log.conf
+    etc/httpd/conf.d/mod_reqin_log.conf \
+    usr/share/doc/mod_reqin_log/CHANGELOG

 # AlmaLinux 10 (el10)
+COPY CHANGELOG /tmp/pkgroot-el10/usr/share/doc/mod_reqin_log/CHANGELOG
 RUN \
    fpm -s dir -t rpm \
    -n mod_reqin_log \
@ -200,15 +176,15 @@ RUN \
    --depends "httpd" \
    -p /packages/rpm/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm \
    usr/lib64/httpd/modules/mod_reqin_log.so \
-    etc/httpd/conf.d/mod_reqin_log.conf
+    etc/httpd/conf.d/mod_reqin_log.conf \
+    usr/share/doc/mod_reqin_log/CHANGELOG

 # =============================================================================
-# Stage 3: Output - Image finale avec les packages
+# Stage 3: Output - Image finale avec les packages RPM
 # =============================================================================
 FROM alpine:latest AS output

 WORKDIR /packages
-COPY --from=package-builder /packages/deb/*.deb /packages/deb/
 COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/

-CMD ["sh", "-c", "echo '=== DEB Packages ===' && ls -la /packages/deb/ && echo '' && echo '=== RPM Packages ===' && ls -la /packages/rpm/"]
+CMD ["sh", "-c", "echo '=== RPM Packages ===' && ls -la /packages/rpm/"]