modsecurity: 2.9.0 -> 2.9.2

* Enable building on macOS
* also fixes an issue where a system Lua install fooled the configure
script into thinking it was enabled.

2 files changed, 44 insertions, 19 deletions

diff --git a/pkgs/tools/security/modsecurity/Makefile.in.patch b/pkgs/tools/security/modsecurity/Makefile.in.patch
new file mode 100644
index 000000000000..98384c754ce7
--- /dev/null
+++ b/pkgs/tools/security/modsecurity/Makefile.in.patch
@@ -0,0 +1,17 @@
+--- a/apache2/Makefile.in	2017-10-10 09:45:51.000000000 -0400
++++ b/apache2/Makefile.in	2017-10-10 09:46:04.000000000 -0400
+@@ -1208,14 +1208,12 @@
+ @LINUX_TRUE@	for m in $(pkglib_LTLIBRARIES); do \
+ @LINUX_TRUE@	  base=`echo $$m | sed 's/\..*//'`; \
+ @LINUX_TRUE@	  rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
+-@LINUX_TRUE@	  install -D -m444 $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES)/$$base.so; \
+ @LINUX_TRUE@	done
+ @LINUX_FALSE@install-exec-hook: $(pkglib_LTLIBRARIES)
+ @LINUX_FALSE@	@echo "Removing unused static libraries..."; \
+ @LINUX_FALSE@	for m in $(pkglib_LTLIBRARIES); do \
+ @LINUX_FALSE@	  base=`echo $$m | sed 's/\..*//'`; \
+ @LINUX_FALSE@	  rm -f $(DESTDIR)$(pkglibdir)/$$base.*a; \
+-@LINUX_FALSE@	  cp -p $(DESTDIR)$(pkglibdir)/$$base.so $(DESTDIR)$(APXS_MODULES); \
+ @LINUX_FALSE@	done
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/pkgs/tools/security/modsecurity/default.nix b/pkgs/tools/security/modsecurity/default.nix
index a5e03eb3fe16..2c02a5dd4736 100644
--- a/pkgs/tools/security/modsecurity/default.nix
+++ b/pkgs/tools/security/modsecurity/default.nix
@@ -1,35 +1,43 @@
 { stdenv, lib, fetchurl, pkgconfig
-, curl, apacheHttpd, pcre, apr, aprutil, libxml2 }:
+, curl, apacheHttpd, pcre, apr, aprutil, libxml2
+, luaSupport ? false, lua5
+}:
 
 with lib;
 
+let luaValue = if luaSupport then lua5 else "no";
+    optional = stdenv.lib.optional;
+in
+
 stdenv.mkDerivation rec {
   name = "modsecurity-${version}";
-  version = "2.9.0";
+  version = "2.9.2";
 
   src = fetchurl {
     url = "https://www.modsecurity.org/tarball/${version}/${name}.tar.gz";
-    sha256 = "e2bbf789966c1f80094d88d9085a81bde082b2054f8e38e0db571ca49208f434";
+    sha256 = "41a8f73476ec891f3a9e8736b98b64ea5c2105f1ce15ea57a1f05b4bf2ffaeb5";
   };
 
   nativeBuildInputs = [ pkgconfig ];
-  buildInputs = [ curl apacheHttpd pcre apr aprutil libxml2 ];
-  configureFlags = [
-    "--enable-standalone-module"
-    "--enable-static"
-    "--with-curl=${curl.dev}"
-    "--with-apxs=${apacheHttpd.dev}/bin/apxs"
-    "--with-pcre=${pcre.dev}"
-    "--with-apr=${apr.dev}"
-    "--with-apu=${aprutil.dev}/bin/apu-1-config"
-    "--with-libxml=${libxml2.dev}"
-  ];
+  buildInputs = [  curl apacheHttpd pcre apr aprutil libxml2 ] ++
+    optional luaSupport lua5;
+
+  configureFlags = ''
+    --enable-standalone-module
+    --enable-static
+    --with-curl=${curl.dev}
+    --with-apxs=${apacheHttpd.dev}/bin/apxs
+    --with-pcre=${pcre.dev}
+    --with-apr=${apr.dev}
+    --with-apu=${aprutil.dev}/bin/apu-1-config
+    --with-libxml=${libxml2.dev}
+    --with-lua=${luaValue}
+  '';
 
   outputs = ["out" "nginx"];
-
-  preBuild = ''
-    substituteInPlace apache2/Makefile.in --replace "install -D " "# install -D"
-  '';
+  # by default modsecurity's install script copies compiled output to httpd's modules folder
+  # this patch removes those lines
+  patches = [ ./Makefile.in.patch ];
 
   postInstall = ''
     mkdir -p $nginx
@@ -41,6 +49,6 @@ stdenv.mkDerivation rec {
     license = licenses.asl20;
     homepage = https://www.modsecurity.org/;
     maintainers = with maintainers; [offline];
-    platforms = platforms.linux;
+    platforms   = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
   };
 }