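# Nix derivation for libmodsecurity, the ModSecurity v3 rule-engine library
# that connectors link against to inspect HTTP traffic.
#
# Security-relevant points for whoever bumps or reviews this package:
#   * `src.hash` pins the fetched tree (submodules included); it must be
#     updated together with `version`, never independently of it.
#   * The postPatch substitutions use --replace-fail so that an upstream
#     change to the patched files breaks the build instead of silently
#     leaving a non-store search path or a relative unicode.mapping path.
{
  lib,
  stdenv,
  fetchFromGitHub,
  autoreconfHook,
  bison,
  flex,
  pkg-config,
  curl,
  geoip,
  libmaxminddb,
  libxml2,
  lmdb,
  lua,
  pcre,
  pcre2,
  ssdeep,
  yajl,
  nixosTests,
}:

stdenv.mkDerivation rec {
  pname = "libmodsecurity";
  version = "3.0.14";

  # Tagged upstream release. fetchSubmodules pulls in the repository's git
  # submodules; the sha256 below covers the resulting tree as a whole.
  src = fetchFromGitHub {
    owner = "owasp-modsecurity";
    repo = "ModSecurity";
    rev = "v${version}";
    hash = "sha256-SaeBO3+WvPhHiJoiOmijB0G3/QYxjAdxgeCVqESS+4U=";
    fetchSubmodules = true;
  };

  # Build-time tools only: autotools regeneration plus the parser generators
  # required by --enable-parser-generation below.
  nativeBuildInputs = [
    autoreconfHook
    bison
    flex
    pkg-config
  ];

  # Libraries linked into the engine.
  # NOTE(review): pcre is the legacy PCRE 8.x line, which is end-of-life
  # upstream; pcre2 is already wired in through --with-pcre2. Confirm whether
  # the legacy input (and --with-pcre) is still required for this version.
  # NOTE(review): geoip, lua and yajl have no matching --with-* flag here;
  # presumably configure auto-detects them - confirm against the build log.
  buildInputs = [
    curl
    geoip
    libmaxminddb
    libxml2
    lmdb
    lua
    pcre
    pcre2
    ssdeep
    yajl
  ];

  outputs = [
    "out"
    "dev"
  ];

  # Point configure at explicit store paths rather than letting it probe
  # default system locations.
  configureFlags = [
    "--enable-parser-generation"
    "--disable-doxygen-doc"
    "--with-curl=${curl.dev}"
    "--with-libxml=${libxml2.dev}"
    "--with-lmdb=${lmdb.out}"
    "--with-maxmind=${libmaxminddb}"
    "--with-pcre=${pcre.dev}"
    "--with-pcre2=${pcre2.out}"
    "--with-ssdeep=${ssdeep}"
  ];

  # The m4 probes look for headers under a single ''${path} prefix and fall
  # back to /usr/local locations; lmdb and pcre2 keep their headers in a
  # separate `dev` output, so the probes are rewritten to the exact store
  # paths. `\''${path}` is the Nix escape that hands the literal text
  # ''${path} to the shell. The last substitution makes the shipped
  # recommended config reference unicode.mapping by absolute store path.
  #
  # --replace-fail (instead of the deprecated --replace) aborts the build
  # when a pattern no longer matches. If upstream legitimately drops one of
  # these strings, remove that pair rather than downgrading to a quiet
  # replace.
  postPatch = ''
    substituteInPlace build/lmdb.m4 \
      --replace-fail "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \
      --replace-fail "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\""
    substituteInPlace build/pcre2.m4 \
      --replace-fail "/usr/local/pcre2" "${pcre2.out}/lib" \
      --replace-fail "\''${path}/include/pcre2.h" "${pcre2.dev}/include/pcre2.h" \
      --replace-fail "pcre2_inc_path=\"\''${path}/include\"" "pcre2_inc_path=\"${pcre2.dev}/include\""
    substituteInPlace build/ssdeep.m4 \
      --replace-fail "/usr/local/libfuzzy" "${ssdeep}/lib" \
      --replace-fail "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \
      --replace-fail "ssdeep_inc_path=\"\''${path}/include\"" "ssdeep_inc_path=\"${ssdeep}/include\""
    substituteInPlace modsecurity.conf-recommended \
      --replace-fail "SecUnicodeMapFile unicode.mapping 20127" "SecUnicodeMapFile $out/share/modsecurity/unicode.mapping 20127"
  '';

  # Ship the upstream docs, the recommended config and unicode.mapping.
  # These are copied from ${src}, i.e. the unpatched source tree, so the
  # installed modsecurity.conf-recommended does NOT carry the
  # SecUnicodeMapFile rewrite made in postPatch.
  # NOTE(review): if the absolute path is meant to reach the installed file,
  # the copy would have to come from the patched build directory - confirm
  # the intent before changing it.
  postInstall = ''
    mkdir -p $out/share/modsecurity
    cp ${src}/{AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity
  '';

  enableParallelBuilding = true;

  # Integration test exercising this library through the nginx connector.
  passthru.tests = {
    nginx-modsecurity = nixosTests.nginx-modsecurity;
  };

  meta = {
    homepage = "https://github.com/owasp-modsecurity/ModSecurity";
    # Single-line string: the previous indented-string form carried a
    # trailing newline and period into the package description.
    description = "ModSecurity v3 library component";
    longDescription = ''
      Libmodsecurity is one component of the ModSecurity v3 project. The
      library codebase serves as an interface to ModSecurity Connectors taking
      in web traffic and applying traditional ModSecurity processing. In
      general, it provides the capability to load/interpret rules written in
      the ModSecurity SecRules format and apply them to HTTP content provided
      by your application via Connectors.
    '';
    license = lib.licenses.asl20;
    platforms = lib.platforms.all;
    maintainers = with lib.maintainers; [ izorkin ];
    mainProgram = "modsec-rules-check";
  };
}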