authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild')
-rw-r--r--www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild137
1 files changed, 137 insertions, 0 deletions
diff --git a/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild b/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild
new file mode 100644
index 000000000000..e4b076aff6a2
--- /dev/null
+++ b/www-apache/modsecurity-crs/modsecurity-crs-2.2.6-r1.ebuild
@@ -0,0 +1,137 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=4
+
+GITHUB_USER=SpiderLabs
+GITHUB_PROJECT=owasp-${PN}
+
+DESCRIPTION="Core Rule Set for ModSecurity"
+HOMEPAGE="http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project"
+SRC_URI="https://github.com/${GITHUB_USER}/${GITHUB_PROJECT}/tarball/v${PV} -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="amd64 ppc sparc x86"
+IUSE="lua geoip"
+
+RDEPEND=">=www-apache/mod_security-2.7[lua?,geoip?]"
+DEPEND=""
+
+S="${WORKDIR}/${P}"
+
+RULESDIR=/etc/modsecurity
+LUADIR=/usr/share/${PN}/lua
+
+src_unpack() {
+ default
+ mv "${WORKDIR}/${GITHUB_USER}-${GITHUB_PROJECT}-"* "${P}" || die
+}
+
+src_prepare() {
+ if ! use lua; then
+ # comment out this since it's in the same file as another one we want to keep
+ sed -i -e "/id:'96000[456]'/s:^:#:" \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+ # remove these that rely on the presence of the lua files
+ rm \
+ experimental_rules/modsecurity_crs_16_scanner_integration.conf \
+ experimental_rules/modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf \
+ experimental_rules/modsecurity_crs_41_advanced_filters.conf \
+ experimental_rules/modsecurity_crs_55_response_profiling.conf \
+ experimental_rules/modsecurity_crs_56_pvi_checks.conf \
+ || die
+ else
+ # fix up the path to the scripts; there seems to be no
+ # consistency at all on how the rules are loaded.
+ sed -i \
+ -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+ -e "s:profile_page_scripts.lua:${LUADIR}/\0:" \
+ -e "s:/usr/local/apache/conf/crs/lua/:${LUADIR}/:" \
+ -e "s:/usr/local/apache/conf/modsec_current/base_rules/:${LUADIR}/:" \
+ -e "s:/etc/apache2/modsecurity-crs/lua/:${LUADIR}/:" \
+ -e "s:\.\./lua/:${LUADIR}/:" \
+ *_rules/*.conf || die
+
+ # fix up the shebang on the scripts
+ sed -i -e "s:/opt/local/bin/lua:/usr/bin/lua:" \
+ lua/*.lua || die
+ fi
+
+ sed -i \
+ -e '/SecGeoLookupDb/s:^:#:' \
+ -e '/SecGeoLookupDb/a# Gentoo already defines it in 79_modsecurity.conf' \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+
+ if ! use geoip; then
+ if use lua; then
+ # only comment this out as the file is going to be used for other things
+ sed -i -e "/id:'960007'/,+1 s:^:#:" \
+ experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+ else
+ rm experimental_rules/modsecurity_crs_61_ip_forensics.conf || die
+ fi
+ fi
+}
+
+src_install() {
+ insinto "${RULESDIR}"
+ # slr_rules as of 2.2.6 have broken IDs that don't work with
+ # ModSecurity 2.7, but the rules require 2.7 to begin with.
+ doins -r base_rules optional_rules experimental_rules #slr_rules
+
+ insinto "${LUADIR}"
+ doins lua/*.lua
+
+ dodoc CHANGELOG README.md
+
+ (
+ cat - <<EOF
+<IfDefine SECURITY>
+EOF
+
+ cat modsecurity_crs_10_setup.conf.example
+
+ cat - <<EOF
+
+Include /etc/modsecurity/base_rules/*.conf
+
+# Include Trustwave SpiderLabs Research Team rules
+# Include /etc/modsecurity/slr_rules/*.conf
+# Not installed yet as of 2.2.6
+
+# Optionally use the other rules as well
+# Include /etc/modsecurity/optional_rules/*.conf
+# Include /etc/modsecurity/experimental_rules/*.conf
+</IfDefine>
+
+# -*- apache -*-
+# vim: ts=4 filetype=apache
+
+EOF
+ ) > "${T}"/"80_${PN}.conf"
+
+ insinto /etc/apache2/modules.d/
+ doins "${T}"/"80_${PN}.conf"
+}
+
+pkg_postinst() {
+ elog
+ elog "If you want to enable further rules, check the following directories:"
+ elog " ${RULESDIR}/optional_rules"
+ elog " ${RULESDIR}/experimental_rules"
+ elog ""
+ elog "Starting from version 2.0.9, the default for the Core Rule Set is again to block"
+ elog "when rules hit. If you wish to go back to the 2.0.8 method of anomaly scoring, you"
+ elog "should change 80_${PN}.conf so that you have these settings enabled:"
+ elog ""
+ elog " #SecDefaultAction \"phase:2,deny,log\""
+ elog " SecAction \"phase:1,t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on\""
+ elog ""
+ elog "Starting from version 2.1.2 rules are installed, for consistency, under"
+ elog "/etc/modsecurity, and can be configured with the following file:"
+ elog " /etc/apache2/modules.d/80_${PN}.conf"
+ elog ""
+}
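Review bot: In the lua branch of src_prepare, the `s:profile_page_scripts.lua:${LUADIR}/\0:` expression is unanchored and runs after the first expression has already rewritten directory prefixes, so a reference that was just turned into `${LUADIR}/profile_page_scripts.lua` would receive the prefix a second time and point at a path that is never installed. Whether the upstream rule files contain such a reference is not visible here, but a rule with a wrong script path is likely to fail to load or to stop doing its check, so the expression should match bare names only, e.g. `-e "s:\([^/]\)\(profile_page_scripts\.lua\):\1${LUADIR}/\2:"`. The `/etc/apache2/modsecurity-crs/lua/` expression appears twice in the same sed call, and the second copy can be dropped. `sed -i … || die` catches only a failing sed, not a pattern that no longer matches, so the `id:'96000[456]'` and `id:'960007'` edits can silently become no-ops on a version bump; a comment above each naming the upstream rule it disables would make that easier to re-verify.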