Disabling mlogc breaks standalone build

[quanah]

If --disable-mlogc and --enable-standalone-module are passed to configure, the result is not buildable, with the following error:

Making all in standalone
make[2]: Entering directory `/home/build/p4/zimbra/main/ThirdParty/modsecurity/zimbra-modsecurity/rpm/BUILD/modsecurity-2.9.0/standalone'
/bin/sh ../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I../apache2    -DVERSION_NGINX -I/opt/zimbra/common/include -I/opt/zimbra/common/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/opt/zimbra/common/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500  -DREQUEST_EARLY          -DWITH_REMOTE_RULES  -O0 -g  -MT ../apache2/standalone_la-acmp.lo -MD -MP -MF ../apache2/.deps/standalone_la-acmp.Tpo -c -o ../apache2/standalone_la-acmp.lo `test -f '../apache2/acmp.c' || echo './'`../apache2/acmp.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../apache2 -DVERSION_NGINX -I/opt/zimbra/common/include -I/opt/zimbra/common/include -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL -I/opt/zimbra/common/include/libxml2 -DWITH_PCRE_STUDY -DMODSEC_PCRE_MATCH_LIMIT=1500 -DMODSEC_PCRE_MATCH_LIMIT_RECURSION=1500 -DREQUEST_EARLY -DWITH_REMOTE_RULES -O0 -g -MT ../apache2/standalone_la-acmp.lo -MD -MP -MF ../apache2/.deps/standalone_la-acmp.Tpo -c ../apache2/acmp.c  -fPIC -DPIC -o ../apache2/.libs/standalone_la-acmp.o
In file included from ../apache2/acmp.c:17:0:
../apache2/acmp.h:18:17: fatal error: apr.h: No such file or directory
 #include <apr.h>
                 ^
compilation terminated.
make[2]: *** [../apache2/standalone_la-acmp.lo] Error 1
make[2]: Leaving directory `/home/build/p4/zimbra/main/ThirdParty/modsecurity/zimbra-modsecurity/rpm/BUILD/modsecurity-2.9.0/standalone'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/build/p4/zimbra/main/ThirdParty/modsecurity/zimbra-modsecurity/rpm/BUILD/modsecurity-2.9.0'

If I remove the --disable-mlogc option, it compiles just fine.

[quanah]

Disabling mlogc while enabling standalone comes directly from the mod security wiki on building with nginx:

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Installation_for_NGINX

[zimmerle]

Hi @quanah,

Are you able to compile ModSecurity without disable the mlogc? It seems ModSecurity is trying to find apr.h which is needed even without the mlogc.

[quanah]

@zimmerle I already noted that w/o disabling mlogc, the build succeeds. It's the last line in my original comment.

[zimmerle]

Do you mind to share your config.log ?

You can use gist for that:
https://gist.github.com/

[quanah]

Sorry for the delay, I had an upcoming vacation to prepare for and then take. ;)

https://gist.github.com/quanah/7d43487c8f3f1582cd05

[quanah]

Playing with the options to configure, if --disable-mlogc is added, then configure is unable to find apr & apr-util.

With --disable-mlogc specified:

checking for libcurl config script... /opt/zimbra/common/bin/curl-config
./configure: line 13855: test: : integer expression expected
./configure: line 13858: test: : integer expression expected
./configure: line 13861: test: : integer expression expected
checking if libcurl is at least v... yes, 7.40.0
checking if libcurl is linked with gnutls... no
configure: using curl v7.40.0
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /opt/zimbra/common/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/bin/pcre-config
configure: using pcre v7.8
checking for libxml2 config script... /opt/zimbra/common/bin/xml2-config
checking if libxml2 is at least v2.6.29... yes, 2.9.2
configure: using libxml2 v2.9.2
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for liblua config script... no
checking for lua install... no
configure: optional lua library not found
checking for libyajl config script... no
checking for yajl install... no
configure: optional yajl library not found
checking for ssdeep path... no
configure: optional ssdeep library not found
configure: WARNING: APR util was not compiled with crypto support. SecRemoteRule will not support the parameter 'crypto'
checking that generated files are newer than configure... done
configure: creating ./config.status

Without specifying --disable-mlogc:

checking for libcurl config script... /opt/zimbra/common/bin/curl-config
./configure: line 13855: test: : integer expression expected
./configure: line 13858: test: : integer expression expected
./configure: line 13861: test: : integer expression expected
checking if libcurl is at least v... yes, 7.40.0
checking if libcurl is linked with gnutls... no
configure: using curl v7.40.0
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /opt/zimbra/common/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
checking for libpcre config script... /usr/bin/pcre-config
configure: using pcre v7.8
checking for libapr config script... /opt/zimbra/common/bin/apr-1-config
configure: using apr v1.5.1
checking for libapu config script... /opt/zimbra/common/bin/apu-1-config
configure: using apu v1.5.4
checking for libxml2 config script... /opt/zimbra/common/bin/xml2-config
checking if libxml2 is at least v2.6.29... yes, 2.9.2
configure: using libxml2 v2.9.2
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for liblua config script... no
checking for lua install... no
configure: optional lua library not found
checking for libyajl config script... no
checking for yajl install... no
configure: optional yajl library not found
checking for ssdeep path... no
configure: optional ssdeep library not found
checking that generated files are newer than configure... done
configure: creating ./config.status

[quanah]

ok, tracked this down to disabling apache2 and mlogc. Although it appears that apache2 is required for building this out with nginx? doc is not clear on that.

[uxbod]

Hence https://github.com/SpiderLabs/ModSecurity/tree/libmodsecurity for an agnostic webserver library.

[quanah]

@uxbod I'm not exactly sure what that comment means. The directions for building on nginx are to build standalone. Standalone should be without apache2 and without mlogc. However, if you specify such a thing, building modsecurity breaks. That seems to be a quite valid bug.

[quanah]

@uxbod ah, after reading through the description, I see your point. However, given that it's not advised to use libmodsecurity at this time, it doesn't help much. ;) It would be nice to see this fixed in the 2.9 branch until 3.x is ready.

[blaksec]

@quanah - were you able to get past this issue?

[quanah]

@gchorny I no longer work for Zimbra, so it's not on my radar to address. I've no idea if it remains pertinent to Zimbra's plans for the future.

[zimmerle]

Standalone build depends on Apache. Disabling mlogc also disables Apache therefore breaks the build. For complete Apache independence please check on libModSecurity. Check #661 for further information.

nginx connector that no longer needs the Standalone versions -
https://github.com/SpiderLabs/ModSecurity-nginx