code_public/mod_reqin_log
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c2e1221e5ac5dfb2a10406e04d397d0f8d0eb03e
mod_reqin_log/Dockerfile.package
Jacquin Antoine c2e1221e5a release: version 1.0.2 - Audit security fixes and RPM packaging 
Security hardening:
- Add input sanitization for method (32), path (2048), host (256), http_version (16)
- Prevent log injection via oversized HTTP values
- Add LOG_THROTTLED macro for consistent error reporting
- Improve socket state double-check pattern to avoid unnecessary reconnects

Code quality:
- Fix const qualifier warnings in get_header()
- Add flags field to module definition
- Add -Wno-error=format-security for compatibility

Documentation:
- Clarify timestamp precision (microseconds expressed as nanoseconds)
- Update README and architecture.yml

Testing:
- Add 4 unit tests for input sanitization
- All 78 tests passing

Packaging:
- Remove DEB package support (RPM only: el8, el9, el10)
- Add CHANGELOG file included in RPM packages
- Bump version to 1.0.2

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-02-28 21:45:06 +01:00

191 lines
6.6 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1
# =============================================================================
# mod_reqin_log - Dockerfile de packaging RPM
# Builds RPMs for multiple RHEL-compatible versions:
# - Rocky Linux 8 (el8) - RHEL 8 compatible
# - Rocky Linux 9 (el9) - RHEL 9 compatible
# - AlmaLinux 10 (el10) - RHEL 10 compatible
# =============================================================================
# =============================================================================
# Stage 1a: Builder Rocky Linux 8
# =============================================================================
FROM rockylinux:8 AS builder-el8
RUN dnf install -y epel-release && \
dnf install -y --allowerasing \
gcc \
make \
httpd \
httpd-devel \
apr-devel \
apr-util-devel \
python3 \
curl \
redhat-rpm-config \
&& dnf clean all
WORKDIR /build
COPY src/ src/
COPY Makefile Makefile
COPY conf/ conf/
RUN make APXS=/usr/bin/apxs
RUN ls -la modules/mod_reqin_log.so
# =============================================================================
# Stage 1b: Builder Rocky Linux 9
# =============================================================================
FROM rockylinux:9 AS builder-el9
RUN dnf install -y epel-release && \
dnf install -y --allowerasing \
gcc \
make \
httpd \
httpd-devel \
apr-devel \
apr-util-devel \
python3 \
curl \
redhat-rpm-config \
&& dnf clean all
WORKDIR /build
COPY src/ src/
COPY Makefile Makefile
COPY conf/ conf/
RUN make APXS=/usr/bin/apxs
RUN ls -la modules/mod_reqin_log.so
# =============================================================================
# Stage 1c: Builder AlmaLinux 10 (RHEL 10 compatible)
# =============================================================================
FROM almalinux:10 AS builder-el10
RUN dnf install -y epel-release && \
dnf install -y --allowerasing \
gcc \
make \
httpd \
httpd-devel \
apr-devel \
apr-util-devel \
python3 \
curl \
redhat-rpm-config \
&& dnf clean all
WORKDIR /build
COPY src/ src/
COPY Makefile Makefile
COPY conf/ conf/
RUN make APXS=/usr/bin/apxs
RUN ls -la modules/mod_reqin_log.so
# =============================================================================
# Stage 2: Package builder - fpm pour RPM
# =============================================================================
FROM ruby:3.2-bookworm AS package-builder
WORKDIR /package
# Install fpm and RPM tools
RUN apt-get update && apt-get install -y --no-install-recommends \
rpm \
&& rm -rf /var/lib/apt/lists/* \
&& gem install fpm -v 1.16.0
# =============================================================================
# Copy binaries from each builder stage
# =============================================================================
# Rocky Linux 8 (el8)
COPY --from=builder-el8 /build/modules/mod_reqin_log.so /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so
COPY --from=builder-el8 /build/conf/mod_reqin_log.conf /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf
RUN chmod 755 /tmp/pkgroot-el8/usr/lib64/httpd/modules/mod_reqin_log.so && \
chmod 644 /tmp/pkgroot-el8/etc/httpd/conf.d/mod_reqin_log.conf
# Rocky Linux 9 (el9)
COPY --from=builder-el9 /build/modules/mod_reqin_log.so /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so
COPY --from=builder-el9 /build/conf/mod_reqin_log.conf /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf
RUN chmod 755 /tmp/pkgroot-el9/usr/lib64/httpd/modules/mod_reqin_log.so && \
chmod 644 /tmp/pkgroot-el9/etc/httpd/conf.d/mod_reqin_log.conf
# AlmaLinux 10 (el10)
COPY --from=builder-el10 /build/modules/mod_reqin_log.so /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so
COPY --from=builder-el10 /build/conf/mod_reqin_log.conf /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf
RUN chmod 755 /tmp/pkgroot-el10/usr/lib64/httpd/modules/mod_reqin_log.so && \
chmod 644 /tmp/pkgroot-el10/etc/httpd/conf.d/mod_reqin_log.conf
# =============================================================================
# Build RPM packages for each distribution
# =============================================================================
# Rocky Linux 8 (el8)
ARG VERSION=1.0.2
COPY CHANGELOG /tmp/pkgroot-el8/usr/share/doc/mod_reqin_log/CHANGELOG
RUN mkdir -p /packages/rpm && \
fpm -s dir -t rpm \
-n mod_reqin_log \
-v "${VERSION}" \
--rpm-dist el8 \
-C /tmp/pkgroot-el8 \
--architecture "x86_64" \
--description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
--url "https://github.com/example/mod_reqin_log" \
--license "Apache-2.0" \
--vendor "Developer <dev@example.com>" \
--depends "httpd" \
-p /packages/rpm/mod_reqin_log-${VERSION}-1.el8.x86_64.rpm \
usr/lib64/httpd/modules/mod_reqin_log.so \
etc/httpd/conf.d/mod_reqin_log.conf \
usr/share/doc/mod_reqin_log/CHANGELOG
# Rocky Linux 9 (el9)
COPY CHANGELOG /tmp/pkgroot-el9/usr/share/doc/mod_reqin_log/CHANGELOG
RUN \
fpm -s dir -t rpm \
-n mod_reqin_log \
-v "${VERSION}" \
--rpm-dist el9 \
-C /tmp/pkgroot-el9 \
--architecture "x86_64" \
--description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
--url "https://github.com/example/mod_reqin_log" \
--license "Apache-2.0" \
--vendor "Developer <dev@example.com>" \
--depends "httpd" \
-p /packages/rpm/mod_reqin_log-${VERSION}-1.el9.x86_64.rpm \
usr/lib64/httpd/modules/mod_reqin_log.so \
etc/httpd/conf.d/mod_reqin_log.conf \
usr/share/doc/mod_reqin_log/CHANGELOG
# AlmaLinux 10 (el10)
COPY CHANGELOG /tmp/pkgroot-el10/usr/share/doc/mod_reqin_log/CHANGELOG
RUN \
fpm -s dir -t rpm \
-n mod_reqin_log \
-v "${VERSION}" \
--rpm-dist el10 \
-C /tmp/pkgroot-el10 \
--architecture "x86_64" \
--description "Apache HTTPD module for logging HTTP requests as JSON to Unix socket" \
--url "https://github.com/example/mod_reqin_log" \
--license "Apache-2.0" \
--vendor "Developer <dev@example.com>" \
--depends "httpd" \
-p /packages/rpm/mod_reqin_log-${VERSION}-1.el10.x86_64.rpm \
usr/lib64/httpd/modules/mod_reqin_log.so \
etc/httpd/conf.d/mod_reqin_log.conf \
usr/share/doc/mod_reqin_log/CHANGELOG
# =============================================================================
# Stage 3: Output - Image finale avec les packages RPM
# =============================================================================
FROM alpine:latest AS output
WORKDIR /packages
COPY --from=package-builder /packages/rpm/*.rpm /packages/rpm/
CMD ["sh", "-c", "echo '=== RPM Packages ===' && ls -la /packages/rpm/"]
Reference in New Issue View Git Blame Copy Permalink