From ced421eff4202c74d9eef984c8b47e019893e1ab Mon Sep 17 00:00:00 2001
From: Izorkin
Date: Sat, 18 Dec 2021 22:11:24 +0200
Subject: [PATCH] pkgs: init libmodsecurity at v3.0.6
---
 configuration.nix | 1 +
 generic/overlays/default.nix | 6 +++
 generic/pkgs/default.nix | 4 ++
 generic/pkgs/libmodsecurity/default.nix | 70 +++++++++++++++++++++++++
 4 files changed, 81 insertions(+)
 create mode 100644 generic/overlays/default.nix
 create mode 100644 generic/pkgs/default.nix
 create mode 100644 generic/pkgs/libmodsecurity/default.nix
diff --git a/configuration.nix b/configuration.nix
index e02fcf3..05242d7 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -9,6 +9,7 @@ in
 ./generic/api/api.nix
 ./generic/modules/api.nix
 ./generic/modules/userdata.nix
+ ./generic/overlays/default.nix
 ./generic/services/backup/restic.nix
 ./generic/services/cloud/nextcloud.nix
 ./generic/services/git/gitea.nix
diff --git a/generic/overlays/default.nix b/generic/overlays/default.nix
new file mode 100644
index 0000000..85de732
--- /dev/null
+++ b/generic/overlays/default.nix
@@ -0,0 +1,6 @@
+{ lib, pkgs, ... }:
+{
+ nixpkgs.config.packageOverrides = pkgs: rec {
+ spdev = import ./../pkgs { inherit pkgs; };
+ };
+}
diff --git a/generic/pkgs/default.nix b/generic/pkgs/default.nix
new file mode 100644
index 0000000..f11c4b5
--- /dev/null
+++ b/generic/pkgs/default.nix
@@ -0,0 +1,4 @@
+{ pkgs ? import { } }:
+rec {
+ libmodsecurity = pkgs.callPackage ./libmodsecurity { };
+}
\ No newline at end of file
diff --git a/generic/pkgs/libmodsecurity/default.nix b/generic/pkgs/libmodsecurity/default.nix
new file mode 100644
index 0000000..bd52944
--- /dev/null
+++ b/generic/pkgs/libmodsecurity/default.nix
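Review bot: In generic/overlays/default.nix the lambda parameter of `packageOverrides = pkgs: rec { … }` shadows the module argument `pkgs`, so it is not obvious which package set `inherit pkgs` hands to ./../pkgs. Naming the parameter differently, e.g. `nixpkgs.config.packageOverrides = super: { spdev = import ../pkgs { pkgs = super; }; };`, keeps the behaviour and makes the source of the set explicit. `lib` and `rec` are not used in the lines shown and could be dropped.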
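Review bot: The default argument in generic/pkgs/default.nix reads `pkgs ? import { }` as shown, which has no path to import; a `<nixpkgs>` lookup was probably intended and lost in rendering. If so, that default resolves through NIX_PATH, so a standalone evaluation would build libmodsecurity against whatever channel the host happens to have rather than the system's package set. Since generic/overlays/default.nix always passes `pkgs`, consider dropping the default (`{ pkgs }:`) or adding a comment such as `# default is only for standalone builds; the system passes pkgs explicitly`. The `rec` is unused here as well.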
@@ -0,0 +1,70 @@
+{ lib, stdenv, fetchFromGitHub
+, autoreconfHook, bison, flex, pkg-config
+, curl, geoip, libmaxminddb, libxml2, lmdb, lua, pcre
+, ssdeep, valgrind, yajl
+}:
+
+stdenv.mkDerivation rec {
+ pname = "libmodsecurity";
+ version = "3.0.6";
+
+ src = fetchFromGitHub {
+ owner = "SpiderLabs";
+ repo = "ModSecurity";
+ rev = "v${version}";
+ sha256 = "sha256-V+NBT2YN8qO3Px8zEzSA2ZsjSf1pv8+VlLxYlrpqfGg=";
+ fetchSubmodules = true;
+ };
+
+ nativeBuildInputs = [ autoreconfHook bison flex pkg-config ];
+ buildInputs = [ curl geoip libmaxminddb libxml2 lmdb lua pcre ssdeep valgrind yajl ];
+
+ outputs = [ "out" "dev" ];
+
+ configureFlags = [
+ "--enable-parser-generation"
+ "--with-curl=${curl.dev}"
+ "--with-libxml=${libxml2.dev}"
+ "--with-lmdb=${lmdb.out}"
+ "--with-maxmind=${libmaxminddb}"
+ "--with-pcre=${pcre.dev}"
+ "--with-ssdeep=${ssdeep}"
+ ];
+
+ postPatch = ''
+ substituteInPlace build/lmdb.m4 \
+ --replace "\''${path}/include/lmdb.h" "${lmdb.dev}/include/lmdb.h" \
+ --replace "lmdb_inc_path=\"\''${path}/include\"" "lmdb_inc_path=\"${lmdb.dev}/include\""
+ substituteInPlace build/ssdeep.m4 \
+ --replace "/usr/local/libfuzzy" "${ssdeep}/lib" \
+ --replace "\''${path}/include/fuzzy.h" "${ssdeep}/include/fuzzy.h" \
+ --replace "ssdeep_inc_path=\"\''${path}/include\"" "ssdeep_inc_path=\"${ssdeep}/include\""
+ substituteInPlace modsecurity.conf-recommended \
+ --replace "SecUnicodeMapFile unicode.mapping 20127" "SecUnicodeMapFile $out/share/modsecurity/unicode.mapping 20127"
+ '';
+
+ postInstall = ''
+ mkdir -p $out/share/modsecurity
+ cp ${src}/{AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity
+ '';
+
+ enableParallelBuilding = true;
+
+ meta = with lib; {
+ homepage = "https://github.com/SpiderLabs/ModSecurity";
+ description = ''
+ ModSecurity v3 library component.
+ '';
+ longDescription = ''
+ Libmodsecurity is one component of the ModSecurity v3 project. The
+ library codebase serves as an interface to ModSecurity Connectors taking
+ in web traffic and applying traditional ModSecurity processing. In
+ general, it provides the capability to load/interpret rules written in
+ the ModSecurity SecRules format and apply them to HTTP content provided
+ by your application via Connectors.
+ '';
+ license = licenses.asl20;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ izorkin ];
+ };
+}
\ No newline at end of file
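Review bot: postInstall copies `modsecurity.conf-recommended` from `${src}`, the unmodified fetched source, so the `SecUnicodeMapFile` rewrite done in postPatch never reaches `$out/share/modsecurity` and the installed file still names a relative `unicode.mapping`. Copying from the patched build tree fixes it: `cp {AUTHORS,CHANGES,LICENSE,README.md,modsecurity.conf-recommended,unicode.mapping} $out/share/modsecurity`. Separately, `valgrind` is listed in `buildInputs` although no configure flag shown refers to it. A debugging tool among the inputs of a WAF library enlarges the dependency set and is likely unavailable on some of the platforms that `platforms.all` advertises, so it is worth dropping or justifying in a comment.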