Fix post and preun to not run on upgrade

See https://coreruleset.org/20220112/crs-plugin-mechanism/

.gitignore

@@ -7,3 +7,6 @@
 /owasp-modsecurity-crs-f16e0b1.tar.gz
 /owasp-modsecurity-crs-3.0.0.tar.gz
 /owasp-modsecurity-crs-3.2.0.tar.gz
+/v3.3.0.tar.gz
+/v3.3.4.tar.gz
+/v4.2.0.tar.gz

mod_security_crs.spec

@@ -1,49 +1,120 @@
-Summary: ModSecurity Rules
+%{!?_httpd_confdir:    %{expand: %%global _httpd_confdir    %%{_sysconfdir}/httpd/conf.d}}
+
+Summary: ModSecurity Core Ruleset
 Name: mod_security_crs
-Version: 3.2.0
+Version: 4.2.0
-Release: 1%{?dist}
+Release: 2%{?dist}
-License: ASL 2.0
+License: Apache-2.0
-URL: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
+URL: https://coreruleset.org/
-Source: https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v%{version}/owasp-modsecurity-crs-%{version}.tar.gz
+Source: https://github.com/coreruleset/coreruleset/archive/refs/tags/v%{version}.tar.gz
 BuildArch: noarch
-Requires: mod_security >= 2.8.0
+Requires: mod_security >= 2.9.6
 Obsoletes: mod_security_crs-extras < 3.0.0
 
+# Patch0: mod_security_crs-XXX.patch
+
 %description
 This package provides the base rules for mod_security.
 
 %prep
-%setup -q -n owasp-modsecurity-crs-%{version}
+%autosetup -p1 -S gendiff -n coreruleset-%{version}
 
 %build
 
 %install
-
+%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
-install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/
+%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
-install -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules
+%{__install} -d %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins
-install -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
+%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules
+%{__install} -d %{buildroot}%{_datarootdir}/mod_modsecurity_crs/plugins
 
 # To exclude rules (pre/post)
-mv rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+%{__mv} rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
-mv rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
+%{__mv} rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
 
-install -m0644 rules/* %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
+%{__install} -m0644 rules/*.conf %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
-mv crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
+%{__install} -m0644 rules/*.data %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/
+%{__install} -m0644 plugins/* %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/plugins/
+%{__mv} crs-setup.conf.example %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
 
-# activate base_rules
+%post
-for f in `ls %{buildroot}%{_datarootdir}/mod_modsecurity_crs/rules/` ; do 
+if [ $1 == 1 ]; then
-    ln -s %{_datarootdir}/mod_modsecurity_crs/rules/$f %{buildroot}%{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f; 
+    # activate base_rules
-done
+    for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do 
+        %{__ln_s} %{_datarootdir}/mod_modsecurity_crs/rules/$f %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f; 
+    done
+    %{__sed} -i '/IncludeOptional modsecurity\.d\/\*\.conf/ a\    IncludeOptional modsecurity.d\/plugins\/*-config.conf\n    IncludeOptional modsecurity.d\/plugins\/*-before.conf' %{_httpd_confdir}/mod_security.conf
+    %{__sed} -i '/Include modsecurity\.d\/\*\.conf/a\    Include modsecurity.d/plugins/*-config.conf\n    Include modsecurity.d/plugins/*-before.conf' %{_httpd_confdir}/mod_security.conf
+    %{__sed} -i '/IncludeOptional modsecurity\.d\/local_rules\/\*\.conf/a\    IncludeOptional modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
+    %{__sed} -i '/Include modsecurity\.d\/local_rules\/\*\.conf/a\    Include modsecurity.d\/plugins\/*-after.conf' %{_httpd_confdir}/mod_security.conf
+fi
+exit 0
 
+%preun
+if [ $1 == 0 ]; then
+    %{__sed} -i -E '/Include(Optional)? modsecurity\.d\/plugins/d' %{_httpd_confdir}/mod_security.conf
+    for f in `ls %{_datarootdir}/mod_modsecurity_crs/rules/` ; do 
+        %{__rm} %{_sysconfdir}/httpd/modsecurity.d/activated_rules/$f; 
+    done
+fi
+exit 0
 
 %files
 %license LICENSE
-%doc CHANGES README.md
+%doc CHANGES.md README.md
+%{_datarootdir}/mod_modsecurity_crs
+%{_sysconfdir}/httpd/modsecurity.d/plugins
 %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/activated_rules/*
 %config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/crs-setup.conf
-%{_datarootdir}/mod_modsecurity_crs
+%config(noreplace) %{_sysconfdir}/httpd/modsecurity.d/plugins/*
 
 %changelog
+* Tue Jul 9 2024 Daniel Demus <daniel-fedoauth@demus.dk> - 4.2.0-2
+- Prepare for plugins (see https://coreruleset.org/20220112/crs-plugin-mechanism/)
+
+* Thu May 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 4.2.0-1
+- new version 4.2.0
+- switch to autosetup
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jun 06 2023 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-5
+- SPDX migration
+
+* Mon Mar 20 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 3.3.4-4
+- Change URL to new official homepage
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Dec 05 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-2
+- Add Early blocking feature patch again
+
+* Fri Sep 30 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.4-1
+- new version 3.3.4
+
+* Wed Sep 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.0-6
+- Fix application of early blocking patch
+
+* Wed Aug 31 2022 Luboš Uhliarik <luhliari@redhat.com> - 3.3.0-5
+- Backport early blocking feature
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
 * Fri Mar 05 2021 Lubos Uhliarik <luhliari@redhat.com> - 3.2.0-1
 - new version 3.2.0
 

sources

@@ -1 +1 @@
-SHA512 (owasp-modsecurity-crs-3.2.0.tar.gz) = bcd0f5b763d6e16b2b2d94898818a19ad44580bac22c6a8ae3b11d89b1b9b4b73e7dfae8b6a5267b4b949095e0e64addde49a04615ad3af01190d4aed4fbe6fe
+SHA512 (v4.2.0.tar.gz) = 041556b2071385c10a4b4a29ad4f926ee86f819f8b9c95f849e76b3d2724d5fc29c21a69f9eba6fd62e7f5709a109a95feca67a19d8c8d1f0410ee2987ac7a6b