MODULES+=	modsecurity

MODULE_SUMMARY_modsecurity=	3rd-party ModSecurity dynamic module

include $(CONTRIB)/src/modsecurity/version
include $(CONTRIB)/src/modsecurity-nginx/version
include $(CONTRIB)/src/libinjection/version
include $(CONTRIB)/src/secrules-language-tests/version
include $(CONTRIB)/src/modsecurity-python-bindings/version

MODULE_VERSION_modsecurity=	$(MODSECURITY_NGINX_VERSION)
MODULE_RELEASE_modsecurity=	4

MODULE_VERSION_PREFIX_modsecurity=$(MODULE_TARGET_PREFIX)

MODULE_SOURCES_modsecurity=	modsecurity-$(MODSECURITY_GITHASH).tar.xz \
				modsecurity-nginx-$(MODSECURITY_NGINX_GITHASH).tar.xz \
				libinjection-$(LIBINJECTION_GITHASH).tar.xz \
				secrules-language-tests-$(SECRULES_LANGUAGE_TESTS_GITHASH).tar.xz \
				modsecurity-python-bindings-$(MODSECURITY_PYTHON_BINDINGS_GITHASH).tar.xz

MODULE_PATCHES_lua= $(CONTRIB)/src/modsecurity/PR2580.patch

MODULE_CONFARGS_modsecurity=	--add-dynamic-module=$(MODSRC_PREFIX)modsecurity-nginx-$(MODSECURITY_NGINX_GITHASH) \
				--without-pcre2

.deps-module-modsecurity:
	cd $(CONTRIB) && make \
		.sum-libinjection \
		.sum-secrules-language-tests \
		.sum-modsecurity-python-bindings \
		.sum-modsecurity \
		.sum-modsecurity-nginx
	touch $@

prerequisites-for-module-modsecurity:

MODULE_BUILD_DEPENDS_modsecurity=yajl-dev libxml2-dev curl-dev patchelf pcre-dev libtool autoconf automake

define MODULE_PREBUILD_modsecurity
	cd ../modsecurity-$(MODSECURITY_GITHASH) \&\& \
	rm -rf others/libinjection \&\& \
	ln -s ../../libinjection others/libinjection \&\& \
	rm -rf test/test-cases/secrules-language-tests \&\& \
	ln -s ../../../secrules-language-tests test/test-cases/secrules-language-tests \&\& \
	rm -rf bindings/python \&\& \
	ln -s ../../modsecurity-python-bindings bindings/python \&\& \
	./build.sh \&\& \
	./configure --prefix `pwd`/local --without-lmdb --without-lua \&\& \
	make $$_make_opts install \&\& make check-TESTS
	rm -f /tmp/audit_test.log /tmp/audit_test_parallel.log
	rm -rf /tmp/test
endef
export MODULE_PREBUILD_modsecurity

define MODULE_ENV_modsecurity
MODSECURITY_INC="../modsecurity-$(MODSECURITY_GITHASH)/local/include" \
MODSECURITY_LIB="../modsecurity-$(MODSECURITY_GITHASH)/local/lib" \
NGX_IGNORE_RPATH=YES
endef
export MODULE_ENV_modsecurity

MODULE_CC_OPT_DEBUG_modsecurity=-DMODSECURITY_DDEBUG=1

define MODULE_PREINSTALL_modsecurity
	mkdir -p "$$pkgdir"/usr/bin
	install -m755 -s ../modsecurity-$(MODSECURITY_GITHASH)/local/bin/modsec-rules-check "$$pkgdir"/usr/bin/
	patchelf --remove-rpath "$$pkgdir"/usr/bin/modsec-rules-check
	mkdir -p "$$pkgdir"/usr/lib
	MDH=../modsecurity-$(MODSECURITY_GITHASH)/headers/modsecurity/modsecurity.h
	MAJOR=$$(awk '/define MODSECURITY_MAJOR /{print $$3}' $$MDH | sed 's/"//g')
	MINOR=$$(awk '/define MODSECURITY_MINOR /{print $$3}' $$MDH | sed 's/"//g')
	PATCHLEV=$$(awk '/define MODSECURITY_PATCHLEVEL / {print $$3}' $$MDH | sed 's/"//g')
	LIBMODSECURITY_SOVER=$${MAJOR}.$${MINOR}.$${PATCHLEV}
	install -m755 ../modsecurity-$(MODSECURITY_GITHASH)/local/lib/libmodsecurity.so.$$LIBMODSECURITY_SOVER "$$pkgdir"/usr/lib/
	ln -fs libmodsecurity.so.$$LIBMODSECURITY_SOVER "$$pkgdir"/usr/lib/libmodsecurity.so.$$MAJOR
	ln -fs libmodsecurity.so.$$LIBMODSECURITY_SOVER "$$pkgdir"/usr/lib/libmodsecurity.so
	mkdir -p "$$pkgdir"/etc/nginx/modsec
	install -m644 ../modsecurity-$(MODSECURITY_GITHASH)/modsecurity.conf-recommended "$$pkgdir"/etc/nginx/modsec/modsecurity.conf
	install -m644 ../modsecurity-$(MODSECURITY_GITHASH)/unicode.mapping "$$pkgdir"/etc/nginx/modsec/
endef
export MODULE_PREINSTALL_modsecurity

MODULE_TESTS_modsecurity=modsecurity-nginx-$(MODSECURITY_NGINX_GITHASH)/tests

define MODULE_POST_modsecurity
cat <<BANNER
----------------------------------------------------------------------

The $(MODULE_SUMMARY_modsecurity) for $(MODULE_SUMMARY_PREFIX) has been installed.
To enable this module, add the following to /etc/nginx/nginx.conf
and reload nginx:

    load_module modules/ngx_http_modsecurity_module.so;

Please refer to the module documentation for further details:
https://github.com/SpiderLabs/ModSecurity-nginx

----------------------------------------------------------------------
BANNER

/sbin/ldconfig
endef
export MODULE_POST_modsecurity