# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=5 inherit autotools MY_PN=modsecurity MY_P=${MY_PN}-v${PV} DESCRIPTION="Application firewall and intrusion detection for Apache" HOMEPAGE="http://www.modsecurity.org/" SRC_URI="https://github.com/SpiderLabs/ModSecurity/releases/download/v3.0.7/modsecurity-v3.0.7.tar.gz" RESTRICT="primaryuri" LICENSE="Apache-2.0" SLOT="0" KEYWORDS="amd64 ~x86" IUSE="doc fuzzyhash -geoip +geoip2 json lmdb lua +pcre2" COMMON_DEPEND="dev-libs/apr dev-libs/apr-util[openssl] dev-libs/libxml2 dev-libs/libpcre net-misc/curl fuzzyhash? ( app-crypt/ssdeep ) json? ( dev-libs/yajl ) lmdb? ( dev-db/lmdb ) lua? ( dev-lang/lua:0 ) pcre2? ( dev-libs/libpcre2 )" DEPEND="${COMMON_DEPEND} doc? ( app-doc/doxygen )" RDEPEND="${COMMON_DEPEND} geoip? ( dev-libs/geoip ) geoip2? ( dev-libs/libmaxminddb ) !www-misc/modsecurity" S="${WORKDIR}/${MY_P}" # Tests require symbols only defined within the Apache binary. RESTRICT=test src_prepare() { sed -i -e 's/libmodsecurity.a/libmodsecurity.la/' examples/reading_logs_via_rule_message/Makefile.in || die "Sed failed!" sed -i -e 's/libmodsecurity.a/libmodsecurity.la/' examples/reading_logs_via_rule_message/Makefile.am || die "Sed failed!" sed -i -e 's/libmodsecurity.a/libmodsecurity.la/' examples/using_bodies_in_chunks/Makefile.in || die "Sed failed!" sed -i -e 's/libmodsecurity.a/libmodsecurity.la/' examples/using_bodies_in_chunks/Makefile.am || die "Sed failed!" sed -i -e 's/libmodsecurity.a/libmodsecurity.la/' examples/reading_logs_with_offset/Makefile.in || die "Sed failed!" sed -i -e 's/libmodsecurity.a/libmodsecurity.la/' examples/reading_logs_with_offset/Makefile.am || die "Sed failed!" sed -i -e 's:./modsec-shared-collections:/var/lib/modsecurity/modsec-shared-collections:' src/collection/backend/lmdb.cc || die "Sed failed!" # Some of the directories are dependent on automake 1.15 # Either set to depend on automake:1.15 or reconfigure eautoconf eautomake } src_configure() { econf --enable-shared \ --disable-static \ --with-pic \ $(use_with fuzzyhash ssdeep) \ $(use_with geoip ) \ $(use_with geoip2 maxmind) \ $(use_with json yajl) \ $(use_with lmdb) \ $(use_with lua) \ $(use_with pcre2) } src_compile() { default # Building the docs is broken at the moment, see e.g. # https://github.com/SpiderLabs/ModSecurity/issues/1322 if use doc; then doxygen doc/doxygen-apache.conf || die 'failed to build documentation' fi } src_install() { emake DESTDIR="${D}" install dodoc AUTHORS CHANGES README.md modsecurity.conf-recommended unicode.mapping if use doc; then dodoc -r doc/apache/html fi # Use /var/lib instead of /var/cache. This stuff is "persistent," # and isn't a cached copy of something that we can recreate. # Bug 605496. keepdir /var/lib/modsecurity fowners root:root /var/lib/modsecurity fperms 0750 /var/lib/modsecurity #for dir in data tmp upload; do #keepdir "/var/lib/modsecurity/${dir}" #fowners apache:apache "/var/lib/modsecurity/${dir}" #fperms 0750 "/var/lib/modsecurity/${dir}" #done keepdir /etc/modsecurity insinto /etc/modsecurity doins "${FILESDIR}"/main.conf.example doins modsecurity.conf-recommended doins unicode.mapping } pkg_postinst() { elog "The base configuration file has been renamed ${APACHE2_MOD_CONF}" elog "so that you can put your own configuration in (for example)" elog "90_modsecurity_local.conf." elog "" elog "That would be the correct place for site-global security rules." elog "Note: 80_modsecurity_crs.conf is used by www-apache/modsecurity-crs" elog "" elog "If libmodsecurity is built with lmdb, remove the files modsec-shared-collections*" elog "in /var/lib/modsecurity/ otherwise it will not serve content" }