Skip to content

fix: patch msc_find_lib.m4 for multiarch library detection#426

Merged
theseion merged 1 commit into
mainfrom
fix/modsec3-arch-detection
May 18, 2026
Merged

fix: patch msc_find_lib.m4 for multiarch library detection#426
theseion merged 1 commit into
mainfrom
fix/modsec3-arch-detection

Conversation

@fzipi
Copy link
Copy Markdown
Member

@fzipi fzipi commented May 18, 2026
edited by coderabbitai Bot
Loading

ModSecurity v3.0.15 refactored library detection to centralize hardcoded architecture paths in build/msc_find_lib.m4. The ssdeep.m4 and pcre2.m4 files are now thin wrappers that delegate to MSC_CHECK_LIB.

Patch only msc_find_lib.m4 to replace 'i386-linux-gnu' with the actual detected architecture. This fixes SSDEEP library detection on arm64 and other non-x86 platforms.

Fixes build failures on linux/arm64 and linux/i386 with ModSecurity v3.0.15.

Summary by CodeRabbit

  • Chores
    • Updated ModSecurity build configuration in Docker images (standard and Alpine variants) to refine multi-architecture support during the build process.

Review Change Stack

@fzipi
fix: patch msc_find_lib.m4 for multiarch library detection
5fd0a41 
ModSecurity v3.0.15 refactored library detection to centralize hardcoded
architecture paths in build/msc_find_lib.m4. The ssdeep.m4 and pcre2.m4
files are now thin wrappers that delegate to MSC_CHECK_LIB.

Patch only msc_find_lib.m4 to replace 'i386-linux-gnu' with the actual
detected architecture. This fixes SSDEEP library detection on arm64 and
other non-x86 platforms.

Fixes: build failures on linux/arm64 and linux/i386

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 18, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e8b8c904-b94e-45ff-835e-6f3cffcac5fd

📥 Commits

Reviewing files that changed from the base of the PR and between dbcb017 and 5fd0a41.

📒 Files selected for processing (2)
  • nginx/Dockerfile
  • nginx/Dockerfile-alpine
📝 Walkthrough

Walkthrough

This pull request updates the ModSecurity build-time architecture substitution logic in both nginx/Dockerfile and nginx/Dockerfile-alpine. The sed command that previously patched ssdeep.m4 and pcre2.m4 is changed to patch msc_find_lib.m4 instead, altering which build configuration script receives the architecture variable substitution.

Changes

ModSecurity Build Architecture Substitution

Layer / File(s) Summary
Architecture substitution target redirection
nginx/Dockerfile, nginx/Dockerfile-alpine		 The build-time sed command that performs the i386-linux-gnu${ARCH} substitution is retargeted from build/ssdeep.m4 and build/pcre2.m4 to build/msc_find_lib.m4 in both Dockerfile variants.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A rabbit hops through Dockerfiles with glee,
Substituting paths where libraries be,
From ssdeep and pcre2's old nest,
To msc_find_lib—now that's the best! 🐰✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: patching msc_find_lib.m4 to fix multiarch library detection in ModSecurity, which is the core objective of the PR.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/modsec3-arch-detection

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@fzipi fzipi requested a review from Copilot May 18, 2026 11:10
@fzipi fzipi added the fix label May 18, 2026
Copilot AI reviewed May 18, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the ModSecurity v3 build patching logic for nginx images to match ModSecurity 3.0.15’s refactored library detection, where architecture-specific paths are centralized in build/msc_find_lib.m4.

Changes:

  • Replaces separate patches to ssdeep.m4 and pcre2.m4.
  • Applies the architecture replacement once in msc_find_lib.m4.
  • Keeps both Debian-based and Alpine nginx builds aligned.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
nginx/Dockerfile Updates Debian-based nginx ModSecurity v3 build patching to target msc_find_lib.m4.
nginx/Dockerfile-alpine Updates Alpine nginx ModSecurity v3 build patching to target msc_find_lib.m4.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@theseion theseion merged commit 9df7fe7 into main May 18, 2026
18 checks passed
@theseion theseion deleted the fix/modsec3-arch-detection branch May 18, 2026 11:37
@fzipi fzipi mentioned this pull request May 18, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@theseion theseion theseion approved these changes

Assignees

No one assigned

Labels

fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fzipi @theseion