# Nix package expression for ModSecurity, a web application firewall.
# Produces two outputs: `out` (the regular install) and `nginx` (a copy of
# the working tree taken in postInstall).
{
  stdenv,
  lib,
  fetchFromGitHub,
  pkg-config,
  autoreconfHook,
  curl,
  apacheHttpd,
  pcre,
  apr,
  aprutil,
  libxml2,
  # Opt-in: when true, lua5 joins buildInputs and is handed to --with-lua;
  # when false, configure is told --with-lua=no.
  luaSupport ? false,
  lua5,
  perl,
  versionCheckHook,
}:

stdenv.mkDerivation (finalAttrs: {
  pname = "modsecurity";
  version = "2.9.12";

  # The tag is derived from `version`, and `hash` pins the fetched content:
  # if what the tag points at ever differs from this hash, the fetch fails
  # instead of silently building different sources. Bump both together.
  src = fetchFromGitHub {
    owner = "owasp-modsecurity";
    repo = "modsecurity";
    tag = "v${finalAttrs.version}";
    hash = "sha256-scMOiu8oI3+VcXe05gLNQ8ILmnP4iwls8ZZ9r+3ei5Y=";
  };

  patches = [
    # Upstream's install step copies the compiled module into httpd's modules
    # directory, which lies outside this derivation's own outputs.
    # This patch drops those lines from Makefile.am.
    ./Makefile.am.patch
  ];

  outputs = [
    "out"
    "nginx"
  ];

  nativeBuildInputs = [
    pkg-config
    autoreconfHook
  ];

  # NOTE(review): `pcre` is the legacy PCRE (8.x) attribute, which is
  # end-of-life upstream. A WAF runs its patterns against untrusted request
  # data, so confirm whether this release can be built against PCRE2 instead.
  buildInputs = [
    curl
    apacheHttpd
    pcre
    apr
    aprutil
    libxml2
  ]
  ++ lib.optionals luaSupport [ lua5 ];

  # Every dependency location is passed explicitly as a store path, so
  # configure does not have to probe the build environment for them.
  configureFlags = [
    "--enable-standalone-module"
    "--enable-static"
    "--with-curl=${curl.dev}"
    "--with-apxs=${apacheHttpd.dev}/bin/apxs"
    "--with-pcre=${pcre.dev}"
    "--with-apr=${apr.dev}"
    "--with-apu=${aprutil.dev}/bin/apu-1-config"
    "--with-libxml=${libxml2.dev}"
    (if luaSupport then "--with-lua=${lua5}" else "--with-lua=no")
  ];

  enableParallelBuilding = true;

  # The check phase is enabled; perl is the only extra tool supplied for it
  # (presumably the upstream test scripts need it -- confirm).
  doCheck = true;
  nativeCheckInputs = [ perl ];

  # Copies everything in the current directory at this point into the `nginx`
  # output. NOTE(review): that is presumably the whole source/build tree, so
  # the output holds far more than a compiled module -- confirm consumers
  # need all of it.
  postInstall = ''
    mkdir -p $nginx
    cp -R * $nginx
  '';

  # Post-install smoke test: versionCheckHook runs the installed mlogc binary
  # with `-v`; it is expected to report the packaged version.
  doInstallCheck = true;
  nativeInstallCheckInputs = [
    versionCheckHook
  ];
  versionCheckProgram = "${placeholder "out"}/bin/mlogc";
  versionCheckProgramArg = "-v";

  meta = {
    description = "Open source, cross-platform web application firewall (WAF)";
    homepage = "https://github.com/owasp-modsecurity/ModSecurity";
    license = lib.licenses.asl20;
    maintainers = [ lib.maintainers.offline ];
    platforms = lib.platforms.linux ++ lib.platforms.darwin;
  };
})