Thursday 2 April 2009

Compiling mod_security

Apache version: 2.0.63 / 2.2.11
mod_security version: 2.5.9
Operating System: Solaris 10 (Generic_120011-14 on Sun T2000) non-global zone
Error keywords seen:
configure: *** pcre library not found.;
configure: error: pcre library is required;
configure: *** apr library not found.;
configure: error: apr library is required;
configure: *** apu library not found.;
configure: error: apu library is required;
./configure: line 5518: /app/apache_2.0.63/bin/apr-config/apr-config: Not a directory



Installing mod_security as a shared object should be a simple, straight-forward task - and indeed, the last time I had to do it, I had no problems. However, today I had to compile mod_security on a Solaris 10 zone, and I ran into some unusual problems - partly due to an error in the configure script.

Running through the basic instructions, everything proceeded as expected:

download modsecurity-apache_2.5.9.tar.gz from http://sourceforge.net/project/showfiles.php?group_id=68846&package_id=67646

cp
download modsecurity-apache_2.5.9.tar.gz /tmp
gunzip modsecurity-apache_2.5.9.tar.gz
tar -xf modesecurity-apache_2.5.9.tar
cd /tmp/modsecurity-apache_2.5.9

Check that mod_unique_id is installed and that /usr/lib/libxml2.so is present. Ensure that gcc and ar are present in the PATH.

Okay - ready to run configure:

# ./configure --with-apxs=/app/apache_2.0.63/bin/apxs
checking for g++... g++
...
REDACTED
...
configure: looking for Apache module support via DSO through APXS
configure: found apxs at /app/apache_2.0.63/bin/apxs
configure: checking httpd version
configure: httpd is recent enough
Use of uninitialized value in concatenation (.) or string at /app/apache_2.0.63/bin/apxs line 237.

checking for libpcre config script... no
configure: *** pcre library not found.
configure: error: pcre library is required


So - we pop over to sunfreeware, download pcre-7.8-sol10-sparc-local.gz - transfer this to the global zone, and as root install it:

pkgadd -d ./pcre-7.8-sol10-sparc-local


On with the show:

# ./configure --with-apxs=/app/apache_2.0.63/bin/apxs
checking for g++... g++
...
REDACTED
...
Use of uninitialized value in concatenation (.) or string at /app/apache_2.0.63/bin/apxs line 237.
checking for libpcre config script... /usr/local/bin/pcre-config
configure: using '-L/usr/local/lib -R/usr/local/lib -lpcre' for pcre Library
checking for libapr config script... /app/apache_2.0.63/bin/apxs/apxs
./configure: line 5509: /app/apache_2.0.63/bin/apxs/apxs: Not a directory
./configure: line 5512: /app/apache_2.0.63/bin/apxs/apxs: Not a directory
./configure: line 5515: /app/apache_2.0.63/bin/apxs/apxs: Not a directory
./configure: line 5518: /app/apache_2.0.63/bin/apxs/apxs: Not a directory
configure: *** apr library not found.
configure: error: apr library is required

What's that? Whoever said anything about
/app/apache_2.0.63/bin/apxs/apxs? Where did that come from?

Well, let's address the missing apr library issue first, but adding --with-apr=/app/apache_2.0.63/bin/apr-config to the configure settings:

# ./configure --with-apxs=/app/apache_2.0.63/bin/apxs --with-apr=/app/apache_2.0.63/bin/apr-config
checking for g++... g++
...
REDACTED
...
./configure: line 5509: /app/apache_2.0.63/bin/apr-config/apr-config: Not a directory
configure: apr CFLAGS:
./configure: line 5512: /app/apache_2.0.63/bin/apr-config/apr-config: Not a directory
configure: apr LDFLAGS:
./configure: line 5515: /app/apache_2.0.63/bin/apr-config/apr-config: Not a directory
configure: apr LIBS:
./configure: line 5518: /app/apache_2.0.63/bin/apr-config/apr-config: Not a directory
configure: apr LINK_LD:
configure: *** apr library not found.
configure: error: apr library is required

And we have it again - we've got a doubled apr-config/apr-config - where did that come from?

So I had a look at configure, and we can fix the problem by finding the line:

APR_CONFIG="${with_apr}/${APR_CONFIG}"

and replace with,

APR_CONFIG="${with_apr}"

while we're at it, we note the the same is true of apu-config, so:

find the line:

APU_CONFIG="${with_apu}/${APU_CONFIG}"

and replace with:

APU_CONFIG="${with_apu}"

The bug for this is actually earlier in the code, where the ${withval} parameter isn't stripped down right, but this fix will work well enough for our requirements.

Now we run configure as:

./configure --with-apxs=/app/apache_2.0.63/bin/apxs --with-apr=/app/apache_2.0.63/bin/apr-config --with-apu=/app/apache_2.0.63/bin/apu-config

and it works.

make && make install

- will now finish the installation



------

I've reported this bug to the mod_security project, (https://www.modsecurity.org/tracker/browse/MODSEC-51) - and the bug is known and will be fixed in the 2.5.10 release.

4 comments:

kurt said...

Finaly up and running.
Thx.

Anonymous said...

The new version is released. They did not solve this problem we face in solaris

Sagar said...

I was wrong. I got a similar error and by looking at the difference in configure script misunderstood that they didnt do. The truth is that bug no more exists!

Anonymous said...

Hello,

I was installing Mod_Security on my CentOS 6.0 server (linux).

This error appeared : apr library not found.


Can anybody help me resolve me this issue ?

or

How can I install apr library ?