Re: [mod-security-packagers] ModSecurity 3.x (almost) enters Debian

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

On Fri, Oct 19, 2018 at 07:34:48PM +0200, Alberto Gonzalez Iniesta wrote:
> Neither can I, that's why I asked for help :-)
> Those errors are from build daemons. Logs:
> 
> > > > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid

looks like I have the solution.

Here is the build log:

https://buildd.debian.org/status/fetch.php?pkg=modsecurity&arch=i386&ver=3.0.2-1&stamp=1539703808&raw=0

and here is the failed test:

:test-result: FAIL variable-ENV.json:Testing Variables :: ENV (2/3)

./regression_tests .././test/test-cases/regression/variable-ENV.json:2 

here is the 2nd test in that file:

    82	    "expected":{
    83	      "debug_log":"Variable: ENV:TERM"
    84	    },
    85	    "rules":[
    86	      "SecRuleEngine On",
    87	      "SecRule ENV:TERM \"@contains test\" \"id:1,phase:3,pass,t:trim\""
    88	    ]

so the expected result is that the test shows the TERM
environment variable.

But looks like sbuild (which is the official build system of
Debian) doesn't have ENV variable until the build flow. That's why
Felipe any me could build and ran test cases successfully, but
the build daemon can't.

I've installed the sbuild on my unstable vm, and make this
modification:

8,9d7
< export TERM=$(shell if [ -z $TERM ]; then echo "linux"; else echo $TERM; fi)
< 

the new version of d/rules looks like this:

==%==
#!/usr/bin/make -f

DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
# move modsec-rules-check (lib debugging/testing tool) to libexec to avoid
# an extra package while keeping the library package multiarch
CONFIGURE_EXTRA_FLAGS += --bindir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)/libexec

export TERM=$(shell if [ -z $TERM ]; then echo "linux"; else echo $TERM; fi)

%:
        dh $@

...
==%==

Note, that we could put a simple

export TERM=linux

line to rules, but if somebody wants to build the package for its
own use, then it overwrites the TERM env, but this solution
prevents that.

May be there is an other elegant way to pass an ENV to dh
(debhelper), but only this worked for me.

Hope that it helps you :),

regards,

a.