From a452628cc701ed542bbf1272dc48616032acb644 Mon Sep 17 00:00:00 2001 From: Dragan Dosen Date: Thu, 28 Apr 2011 22:38:11 +0200 Subject: [PATCH] Prva inacica paketa za Debian squeeze distribuciju. --- debian/README.CARNet => README.CARNet | 4 +- debian/changelog | 10 ++ debian/changelog.CARNet | 1 - debian/compat | 2 +- debian/config | 47 +++---- debian/control | 12 +- debian/copyright | 7 + debian/docs | 3 +- debian/lintian-overrides | 1 + debian/po/POTFILES.in | 1 + debian/po/templates.pot | 49 +++++++ debian/postinst | 240 ++++++++++++++++----------------- debian/postrm | 5 +- debian/prerm | 35 ++--- debian/rules | 69 +--------- debian/templates | 2 +- 16 files changed, 233 insertions(+), 255 deletions(-) rename debian/README.CARNet => README.CARNet (95%) delete mode 120000 debian/changelog.CARNet create mode 100644 debian/copyright create mode 100644 debian/lintian-overrides create mode 100644 debian/po/POTFILES.in create mode 100644 debian/po/templates.pot diff --git a/debian/README.CARNet b/README.CARNet similarity index 95% rename from debian/README.CARNet rename to README.CARNet index ecd0b5a..e05184c 100644 --- a/debian/README.CARNet +++ b/README.CARNet @@ -1,5 +1,5 @@ mod-security-cn ---------------- +~~~~~~~~~~~~~~~ Ovaj paket sadrzi dodatne CARNetove postavke za ModSecurity. Povlaci za sobom instalaciju Debian paketa: @@ -53,4 +53,4 @@ preporuca se da NE brisete i da ne uredjujete navedene konfiguracijske datoteke, osim ako znate sto cinite. - -- Dragan Dosen Thu, 28 May 2009 20:26:52 +0200 + -- Dragan Dosen Thu, 28 Apr 2011 22:19:30 +0200 diff --git a/debian/changelog b/debian/changelog index 5d08ca4..7a2c6cd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +mod-security-cn (2.5.12+1) stable; urgency=low + + * Prva inacica paketa za Debian squeeze distribuciju. + * Nova debian/rules datoteka. + * Azurirane ovisnosti unutar debian/control. + * Razni Lintian popravci, dodan copyright, promjena inacice + paketa u Debian native. + + -- Dragan Dosen Thu, 28 Apr 2011 22:19:30 +0200 + mod-security-cn (2.5.9-1) stable; urgency=low * Inicijalni paket za Debian lenny. diff --git a/debian/changelog.CARNet b/debian/changelog.CARNet deleted file mode 120000 index 194579e..0000000 --- a/debian/changelog.CARNet +++ /dev/null @@ -1 +0,0 @@ -changelog.Debian \ No newline at end of file diff --git a/debian/compat b/debian/compat index b8626c4..7f8f011 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -4 +7 diff --git a/debian/config b/debian/config index 6416f6f..c5cc1b5 100644 --- a/debian/config +++ b/debian/config @@ -6,10 +6,10 @@ set -e . /usr/share/debconf/confmodule if [ "$1" != reconfigure ]; then - db_fget mod-security-cn/rbl seen - if [ "$RET" = "true" ]; then - exit 0 - fi + db_fget mod-security-cn/rbl seen + if [ "$RET" = "true" ]; then + exit 0 + fi fi A2DIR="/etc/apache2" @@ -25,18 +25,17 @@ MODSECCONF="$MODSECDIR/mod-security-cn.conf" # 2 - file exists, but it is not tagged # chk_conf_tag () { - - local conf_file - conf_file="$1" - RET=1 - - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi + local conf_file + conf_file="$1" + RET=1 + + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 + else + RET=2 fi + fi } @@ -44,17 +43,15 @@ chk_conf_tag () { # chk_conf_tag "$MODSECCONF" if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - - # Configuration file is tagged or does not exist - ask user - # for RBL. - db_title mod-security-cn - konfiguracija - db_input critical mod-security-cn/rbl || true - db_go || true + # Configuration file is tagged or does not exist - ask user + # for RBL. + db_title mod-security-cn - konfiguracija + db_input critical mod-security-cn/rbl || true + db_go || true else - - # Configuration file is not tagged - skip question. - db_set mod-security-cn/rbl false || true - db_fset mod-security-cn/rbl seen true + # Configuration file is not tagged - skip question. + db_set mod-security-cn/rbl false || true + db_fset mod-security-cn/rbl seen true fi exit 0 diff --git a/debian/control b/debian/control index db7f069..0ce0a75 100644 --- a/debian/control +++ b/debian/control @@ -1,15 +1,15 @@ Source: mod-security-cn -Section: web +Section: httpd Priority: optional Maintainer: Dragan Dosen -Build-Depends: debhelper (>= 4.0.0) -Standards-Version: 3.7.2 +Build-Depends: debhelper (>= 7), po-debconf +Standards-Version: 3.9.1 Package: mod-security-cn Architecture: all -Pre-Depends: libapache-mod-security (>= 2.5.9-1~cn1), mod-security-common (>= 2.5.9-1~cn1) -Depends: carnet-tools-cn (>= 2.8.1), ${misc:Depends} -Description: Tighten web applications security for Apache (CARNet configuration) +Pre-Depends: libapache-mod-security (>= 2.5.12-1), mod-security-common (>= 2.5.12-1) +Depends: carnet-tools-cn (>= 3.0.0), ${misc:Depends} +Description: Tighten web applications security for Apache Mod_security is an Apache module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention system for the web server. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..5350ae7 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,7 @@ +Copyright 2011 CARNet + +You are free to distribute this software package under the terms of the +GNU General Public License. + +On Debian systems, the complete text of the GNU General Public +License can be found in the file /usr/share/common-licenses/GPL. diff --git a/debian/docs b/debian/docs index 24d27ef..8f6e250 100644 --- a/debian/docs +++ b/debian/docs @@ -1,2 +1 @@ -debian/README.CARNet -debian/changelog.CARNet +README.CARNet diff --git a/debian/lintian-overrides b/debian/lintian-overrides new file mode 100644 index 0000000..c408355 --- /dev/null +++ b/debian/lintian-overrides @@ -0,0 +1 @@ +mod-security-cn: latest-debian-changelog-entry-changed-to-native diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..cef83a3 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..dca2818 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,49 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: mod-security-cn@packages.debian.org\n" +"POT-Creation-Date: 2011-04-28 22:33+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "Zelite li aktivirati RBL?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"ModSecurity moze provjeravati da li se adresa klijenta koji pristupa Vasem " +"web posluzitelju nalazi na RBL (Realtime Blackhole List) listi. U slucaju " +"da se adresa nalazi na RBL listi, sa doticne adrese nece se moci pristupiti " +"Vasem web posluzitelju. RBL provjera se preskace za adrese koje su iz " +"CARNetove mreze. Ova funkcionalnost je slicna onoj koju ima Postfix MTA." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "RBL posluzitelj koji se koristi za provjeru je xbl.dnsbl-sh.carnet.hr." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:1001 +msgid "" +"VAZNO: Zbog licencnih razloga pristup CARNetovom RBL posluzitelju je " +"dopusten samo sa CARNetove mreze (161.53.0.0/16 i 193.198.0.0/16)." +msgstr "" diff --git a/debian/postinst b/debian/postinst index 44f707c..02d680d 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,18 +5,18 @@ set -e [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx case "$1" in - configure) - # continue below - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - exit 0 - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 0 - ;; + configure) + # continue below + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + exit 0 + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; esac @@ -46,16 +46,15 @@ need_restart=0 # Cleanup all temp files or directories. # cleanup () { + local item - local item - - if [ -n "$temp_files" ]; then - for item in $temp_files; do - if [ -e "$item" ]; then - rm -rf $item - fi - done - fi + if [ -n "$temp_files" ]; then + for item in $temp_files; do + if [ -e "$item" ]; then + rm -rf $item + fi + done + fi } # chk_conf_tag () @@ -66,18 +65,17 @@ cleanup () { # 2 - file exists, but it is not tagged # chk_conf_tag () { + local conf_file + conf_file="$1" + RET=1 - local conf_file - conf_file="$1" - RET=1 - - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 + else + RET=2 fi + fi } @@ -89,20 +87,19 @@ trap cleanup 0 1 2 15 # Enable ModSecurity and unique_id Apache2 modules. # if [ -e "$CONF" ]; then - - # Enable mod-security.load - if [ ! -e "$A2MODEDIR/mod-security.load" ]; then - cp_echo "CN: Enabling ModSecurity module for Apache2 web server." - a2enmod mod-security >/dev/null || true - need_restart=1 - fi - - # Enable unique_id.load - if [ ! -e "$A2MODEDIR/unique_id.load" ]; then - cp_echo "CN: Enabling unique_id module for Apache2 web server." - a2enmod unique_id >/dev/null || true - need_restart=1 - fi + # Enable mod-security.load + if [ ! -e "$A2MODEDIR/mod-security.load" ]; then + cp_echo "CN: Enabling ModSecurity module for Apache2 web server." + a2enmod mod-security >/dev/null || true + need_restart=1 + fi + + # Enable unique_id.load + if [ ! -e "$A2MODEDIR/unique_id.load" ]; then + cp_echo "CN: Enabling unique_id module for Apache2 web server." + a2enmod unique_id >/dev/null || true + need_restart=1 + fi fi @@ -112,93 +109,93 @@ fi chk_conf_tag "$MODSECCONF" if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - # Create /etc/apache2/conf.d/ directory if missing. - if [ ! -d "$CONFDIR" ]; then - cp_echo "CN: Creating configuration directory $CONFDIR/" - mkdir -p $CONFDIR/ - fi + # Create /etc/apache2/conf.d/ directory if missing. + if [ ! -d "$CONFDIR" ]; then + cp_echo "CN: Creating configuration directory $CONFDIR/" + mkdir -p $CONFDIR/ + fi - # Create /etc/apache2/mod-security/ directory if missing. - if [ ! -d "$MODSECDIR" ]; then - cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/" - mkdir -p $MODSECDIR/ - fi + # Create /etc/apache2/mod-security/ directory if missing. + if [ ! -d "$MODSECDIR" ]; then + cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/" + mkdir -p $MODSECDIR/ + fi - out=$(mktemp $MODSECCONF.XXXXXX) - temp_files="${temp_files} ${out}" + out=$(mktemp $MODSECCONF.XXXXXX) + temp_files="${temp_files} ${out}" - db_get mod-security-cn/rbl || true - if [ "$RET" = "true" ]; then + db_get mod-security-cn/rbl || true + if [ "$RET" = "true" ]; then - # Add RBL configuration. - chk_conf_tag "$MODSECRBL" - if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then + # Add RBL configuration. + chk_conf_tag "$MODSECRBL" + if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - if [ $RET -eq 1 ]; then - cp_echo "CN: Creating configuration file $MODSECRBL" + if [ $RET -eq 1 ]; then + cp_echo "CN: Creating configuration file $MODSECRBL" + cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" + need_restart=1 + else + if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then + cp_echo "CN: Updating configuration file $MODSECRBL" cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" need_restart=1 - else - if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then - cp_echo "CN: Updating configuration file $MODSECRBL" - cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" - need_restart=1 - fi fi fi + fi - sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \ - "$MODSECTPL/$(basename $MODSECCONF)" > "$out" + sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \ + "$MODSECTPL/$(basename $MODSECCONF)" > "$out" - if [ -e "$MODSECCONF" ]; then - if ! cmp -s "$MODSECCONF" "$out"; then - cp_echo "CN: Updating configuration file $MODSECCONF" - mv -f "$out" "$MODSECCONF" - cp_echo "CN: Enabled ModSecurity RBL lookup." - need_restart=1 - fi - else - cp_echo "CN: Creating configuration file $MODSECCONF" - mv "$out" "$MODSECCONF" + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" cp_echo "CN: Enabled ModSecurity RBL lookup." need_restart=1 fi else + cp_echo "CN: Creating configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Enabled ModSecurity RBL lookup." + need_restart=1 + fi + else - # Remove RBL configuration. - sed "s,#RBLLOOKUP#,# DISABLED,g" \ - "$MODSECTPL/$(basename $MODSECCONF)" > "$out" + # Remove RBL configuration. + sed "s,#RBLLOOKUP#,# DISABLED,g" \ + "$MODSECTPL/$(basename $MODSECCONF)" > "$out" - if [ -e "$MODSECCONF" ]; then - if ! cmp -s "$MODSECCONF" "$out"; then - cp_echo "CN: Updating configuration file $MODSECCONF" - mv -f "$out" "$MODSECCONF" - cp_echo "CN: Disabled ModSecurity RBL lookup." - need_restart=1 - fi - else - cp_echo "CN: Creating configuration file $MODSECCONF" - mv "$out" "$MODSECCONF" + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" cp_echo "CN: Disabled ModSecurity RBL lookup." need_restart=1 fi - - chk_conf_tag "$MODSECRBL" - if [ $RET -eq 0 ]; then - cp_echo "CN: Removing configuration file $MODSECRBL" - rm -f "$MODSECRBL" - need_restart=1 - fi + else + cp_echo "CN: Creating configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Disabled ModSecurity RBL lookup." + need_restart=1 fi - if [ -f "$out" ]; then rm -f $out; fi - - # Enable ModSecurity configuration. - if [ ! -e "$MODSECLNK" ]; then - cp_echo "CN: Enabling ModSecurity configuration." - ln -fs "$MODSECCONF" "$MODSECLNK" + chk_conf_tag "$MODSECRBL" + if [ $RET -eq 0 ]; then + cp_echo "CN: Removing configuration file $MODSECRBL" + rm -f "$MODSECRBL" need_restart=1 fi + fi + + if [ -f "$out" ]; then rm -f $out; fi + + # Enable ModSecurity configuration. + if [ ! -e "$MODSECLNK" ]; then + cp_echo "CN: Enabling ModSecurity configuration." + ln -fs "$MODSECCONF" "$MODSECLNK" + need_restart=1 + fi fi db_stop || true @@ -208,23 +205,14 @@ db_stop || true # if [ $need_restart -eq 1 ]; then - # Check Apache2 web server configuration. - if /usr/sbin/apache2ctl configtest 2>/dev/null; then - - # Restart Apache2 web server. - if [ -x "/etc/init.d/apache2" ]; then - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 restart || true - else - /etc/init.d/apache2 restart || true - fi - fi - else - - # Something is broken. - cp_echo "CN: Your Apache2 configuration is broken." - cp_echo "CN: Please, check the service after the installation finishes!" - fi + # Check Apache2 web server configuration. + if apache2ctl configtest 2>/dev/null; then + invoke-rc.d apache2 force-reload || true + else + # Something is broken. + cp_echo "CN: Your Apache2 configuration is broken." + cp_echo "CN: Please, check the service after the installation finishes!" + fi fi @@ -232,4 +220,6 @@ fi # cp_mail "$PKG" +#DEBHELPER# + exit 0 diff --git a/debian/postrm b/debian/postrm index 6da000b..b7ec504 100644 --- a/debian/postrm +++ b/debian/postrm @@ -2,9 +2,6 @@ set -e -if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then - . /usr/share/debconf/confmodule - db_purge -fi +#DEBHELPER# exit 0 diff --git a/debian/prerm b/debian/prerm index 5087d77..bd99613 100644 --- a/debian/prerm +++ b/debian/prerm @@ -10,18 +10,17 @@ set -e # 2 - file exists, but it is not tagged # chk_conf_tag () { - - local conf_file - conf_file="$1" - RET=1 - - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi + local conf_file + conf_file="$1" + RET=1 + + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 + else + RET=2 fi + fi } @@ -63,17 +62,9 @@ case "$1" in done # Restart Apache2 web server. - if [ $need_restart -eq 1 ]; then + if [ $need_restart -eq 1 ]; then if apache2ctl configtest 2>/dev/null; then - - # Restart Apache2 web server. - if [ -x "/etc/init.d/apache2" ]; then - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 restart || true - else - /etc/init.d/apache2 restart || true - fi - fi + invoke-rc.d apache2 force-reload || true else # Something is broken. cp_echo "CN: Your Apache2 configuration seem to be broken." @@ -94,4 +85,6 @@ case "$1" in ;; esac +#DEBHELPER# + exit 0 diff --git a/debian/rules b/debian/rules index e7f422a..cbe925d 100755 --- a/debian/rules +++ b/debian/rules @@ -1,68 +1,3 @@ #!/usr/bin/make -f -# -*- makefile -*- -# Sample debian/rules that uses debhelper. -# This file was originally written by Joey Hess and Craig Small. -# As a special exception, when this file is copied by dh-make into a -# dh-make output file, you may use that output file without restriction. -# This special exception was added by Craig Small in version 0.37 of dh-make. - -#export DH_VERBOSE=1 - -configure: configure-stamp -configure-stamp: - dh_testdir - touch configure-stamp - -build: build-stamp - -build-stamp: configure-stamp - dh_testdir - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f build-stamp configure-stamp - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - -binary-indep: build install - -binary-arch: build install - dh_testdir - dh_testroot - dh_installchangelogs - dh_installdocs - dh_install -X.svn -# dh_installexamples -# dh_install -# dh_installmenu - dh_installdebconf -# dh_installlogrotate -# dh_installemacsen -# dh_installpam -# dh_installmime -# dh_installinit -# dh_installcron -# dh_installinfo - dh_installman - dh_link -# dh_strip - dh_compress - dh_fixperms -# dh_perl -# dh_python -# dh_makeshlibs - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install configure +%: + dh $@ diff --git a/debian/templates b/debian/templates index 037b574..6f19d4b 100644 --- a/debian/templates +++ b/debian/templates @@ -1,7 +1,7 @@ Template: mod-security-cn/rbl Type: boolean Default: true -Description: Zelite li aktivirati RBL? +_Description: Zelite li aktivirati RBL? ModSecurity moze provjeravati da li se adresa klijenta koji pristupa Vasem web posluzitelju nalazi na RBL (Realtime Blackhole List) listi. U slucaju da se adresa nalazi na RBL listi, sa doticne adrese -- 1.7.10.4