summary refs log tree commit diff
path: root/pkgs/tools/security/libmodsecurity/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security/libmodsecurity/default.nix')
-rw-r--r--pkgs/tools/security/libmodsecurity/default.nix44
1 files changed, 33 insertions, 11 deletions
diff --git a/pkgs/tools/security/libmodsecurity/default.nix b/pkgs/tools/security/libmodsecurity/default.nix
index 03aed8c50e0..65512eb8be6 100644
--- a/pkgs/tools/security/libmodsecurity/default.nix
+++ b/pkgs/tools/security/libmodsecurity/default.nix
@@ -1,34 +1,57 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config
-, doxygen, perl, valgrind
-, curl, geoip, libxml2, lmdb, lua, pcre, yajl }:
+{ lib, stdenv, fetchFromGitHub
+, autoreconfHook, bison, flex, pkg-config
+, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre
+, ssdeep, valgrind, yajl
+}:
 
 stdenv.mkDerivation rec {
   pname = "libmodsecurity";
-  version = "3.0.4";
+  version = "3.0.6";
 
   src = fetchFromGitHub {
     owner = "SpiderLabs";
     repo = "ModSecurity";
-    fetchSubmodules = true;
     rev = "v${version}";
-    sha256 = "07vry10cdll94sp652hwapn0ppjv3mb7n2s781yhy7hssap6f2vp";
+    sha256 = "sha256-V+NBT2YN8qO3Px8zEzSA2ZsjSf1pv8+VlLxYlrpqfGg=";
+    fetchSubmodules = true;
   };
 
-  nativeBuildInputs = [ autoreconfHook pkg-config doxygen ];
+  nativeBuildInputs = [ autoreconfHook bison flex pkg-config ];
+  buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre ssdeep valgrind yajl ];
 
-  buildInputs = [ perl valgrind curl geoip libxml2 lmdb lua pcre yajl ];
+  outputs = [ "out" "dev" ];
 
   configureFlags = [
-    "--enable-static"
+    "--enable-parser-generation"
     "--with-curl=${curl.dev}"
     "--with-libxml=${libxml2.dev}"
+    "--with-lmdb=${lmdb.out}"
+    "--with-maxmind=${libmaxminddb}"
     "--with-pcre=${pcre.dev}"
-    "--with-yajl=${yajl}"
+    "--with-ssdeep=${ssdeep}"
   ];
 
+  postPatch = ''
+    substituteInPlace build/lmdb.m4 \
+      --replace "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \
+      --replace "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\""
+    substituteInPlace build/ssdeep.m4 \
+      --replace "/usr/local/libfuzzy" "${ssdeep}/lib" \
+      --replace "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \
+      --replace "ssdeep_inc_path=\"\''${path}/include\"" "ssdeep_inc_path=\"${ssdeep}/include\""
+    substituteInPlace modsecurity.conf-recommended \
+      --replace "SecUnicodeMapFile unicode.mapping 20127" "SecUnicodeMapFile $out/share/modsecurity/unicode.mapping 20127"
+  '';
+
+  postInstall = ''
+    mkdir -p $out/share/modsecurity
+    cp ${src}/{AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity
+  '';
+
   enableParallelBuilding = true;
 
   meta = with lib; {
+    homepage = "https://github.com/SpiderLabs/ModSecurity";
     description = ''
       ModSecurity v3 library component.
     '';
@@ -40,7 +63,6 @@ stdenv.mkDerivation rec {
       the ModSecurity SecRules format and apply them to HTTP content provided
       by your application via Connectors.
     '';
-    homepage = "https://modsecurity.org/";
     license = licenses.asl20;
     platforms = platforms.all;
     maintainers = with maintainers; [ izorkin ];