nixpkgs/pkgs/tools/security/modsecurity/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

58 lines
1.5 KiB
Nix
Raw Normal View History

{ stdenv, lib, fetchFromGitHub, pkg-config, autoreconfHook
, curl, apacheHttpd, pcre, apr, aprutil, libxml2
, luaSupport ? false, lua5, perl
}:
2015-09-23 18:28:29 +00:00
let luaValue = if luaSupport then lua5 else "no";
2021-01-15 09:19:50 +00:00
optional = lib.optional;
in
2015-09-23 18:28:29 +00:00
stdenv.mkDerivation rec {
pname = "modsecurity";
2023-01-09 02:13:29 +00:00
version = "2.9.7";
2015-09-23 18:28:29 +00:00
src = fetchFromGitHub {
owner = "SpiderLabs";
repo = pname;
rev = "v${version}";
2023-01-09 02:13:29 +00:00
sha256 = "sha256-hJ8wYeC83dl85bkUXGZKHpHzw9QRgtusj1/+Coxsx0k=";
2015-09-23 18:28:29 +00:00
};
nativeBuildInputs = [ pkg-config autoreconfHook ];
buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ] ++
optional luaSupport lua5;
configureFlags = [
"--enable-standalone-module"
"--enable-static"
"--with-curl=${curl.dev}"
"--with-apxs=${apacheHttpd.dev}/bin/apxs"
"--with-pcre=${pcre.dev}"
"--with-apr=${apr.dev}"
"--with-apu=${aprutil.dev}/bin/apu-1-config"
"--with-libxml=${libxml2.dev}"
"--with-lua=${luaValue}"
];
2015-09-23 18:28:29 +00:00
outputs = ["out" "nginx"];
# by default modsecurity's install script copies compiled output to httpd's modules folder
# this patch removes those lines
patches = [ ./Makefile.am.patch ];
doCheck = true;
nativeCheckInputs = [ perl ];
2015-09-23 18:28:29 +00:00
postInstall = ''
mkdir -p $nginx
cp -R * $nginx
'';
meta = with lib; {
2015-09-23 18:28:29 +00:00
description = "Open source, cross-platform web application firewall (WAF)";
license = licenses.asl20;
homepage = "https://www.modsecurity.org/";
2015-09-23 18:28:29 +00:00
maintainers = with maintainers; [offline];
2021-01-15 13:21:58 +00:00
platforms = lib.platforms.linux ++ lib.platforms.darwin;
2015-09-23 18:28:29 +00:00
};
}