From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 44ABF139085 for ; Tue, 27 Dec 2016 07:33:35 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B342F21C081; Tue, 27 Dec 2016 07:33:32 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8743621C081 for ; Tue, 27 Dec 2016 07:33:32 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 34A7A341016 for ; Tue, 27 Dec 2016 07:33:31 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 902E824E1 for ; Tue, 27 Dec 2016 07:33:29 +0000 (UTC) 
From: "Slawek Lis" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Slawek Lis" Message-ID: <1482823990.a43050c1456321619ef97dfdeb5a158593fef58d.slis@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/, net-analyzer/suricata/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-analyzer/suricata/files/suricata-3.2-conf net-analyzer/suricata/files/suricata-3.2-init net-analyzer/suricata/suricata-3.2.ebuild X-VCS-Directories: net-analyzer/suricata/files/ net-analyzer/suricata/ X-VCS-Committer: slis X-VCS-Committer-Name: Slawek Lis X-VCS-Revision: a43050c1456321619ef97dfdeb5a158593fef58d X-VCS-Branch: master Date: Tue, 27 Dec 2016 07:33:29 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 4a79f6d8-9a56-4a97-85b6-7cdcb78c5837 X-Archives-Hash: ec0944e0bdd20f203515bfe2b989460c commit: a43050c1456321619ef97dfdeb5a158593fef58d Author: Slawomir Lis gentoo org> AuthorDate: Tue Dec 27 07:33:10 2016 +0000 Commit: Slawek Lis gentoo org> CommitDate: Tue Dec 27 07:33:10 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a43050c1 net-analyzer/suricata: updated init script and config file Updated way the script starts suricata, it allows to define config values inline now. Details in bug 602590. Package-Manager: Portage-2.3.3, Repoman-2.3.1 net-analyzer/suricata/files/suricata-3.2-conf | 4 ++-- net-analyzer/suricata/files/suricata-3.2-init | 26 ++++++++++++-------------- net-analyzer/suricata/suricata-3.2.ebuild | 2 -- 3 files changed, 14 insertions(+), 18 deletions(-) diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf index bc6e281..61715ba 100644 --- a/net-analyzer/suricata/files/suricata-3.2-conf +++ b/net-analyzer/suricata/files/suricata-3.2-conf 
@@ -23,8 +23,8 @@ # # You can then define the following options here: -# SURICATA_OPTS_q0="-i eth0" -# SURICATA_OPTS_q1="-i eth1" +# SURICATA_OPTS_q0="-q 0" +# SURICATA_OPTS_q1="-q 1" # If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata # then you can set: diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init index 3a9c356..d612815 100644 --- a/net-analyzer/suricata/files/suricata-3.2-init +++ b/net-analyzer/suricata/files/suricata-3.2-init @@ -16,6 +16,7 @@ else SURICATAPID="/var/run/suricata/suricata.pid" SURICATAOPTS=${SURICATA_OPTS} fi +[ -e ${SURICATACONF} ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}" extra_commands="checkconfig" extra_started_commands="reload relog" @@ -28,8 +29,9 @@ depend() { checkconfig() { if [ ! -e ${SURICATACONF} ] ; then - eerror "You need to create ${SURICATACONF} to run ${SVCNAME}." - return 1 + einfo "The configuration file ${SURICATACONF} was not found." + einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata." + einfo "Take a look at the suricata arguments --set and --dump-config." fi if [ ! -d "/var/run/suricata" ] ; then checkpath -d /var/run/suricata @@ -37,7 +39,7 @@ checkconfig() { } initpidinfo() { - [ -f ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" + [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})" if [ ${#SUR_PID} -gt 0 ]; then SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)" @@ -46,7 +48,7 @@ initpidinfo() { checkpidinfo() { initpidinfo - if [ ! -f ${SURICATAPID} ]; then + if [ ! -e ${SURICATAPID} ]; then eerror "${SVCNAME} isn't running" return 1 elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then 
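Review bot: The new top-level test `[ -e ${SURICATACONF} ]` in the `@@ -16,6 +16,7 @@` hunk of suricata-3.2-init is unquoted, so an empty or unset SURICATACONF collapses it to `[ -e ]`, which is true, and a bare `-c` with no argument is appended to the options. Quote the test: `[ -e "${SURICATACONF}" ] && SURICATAOPTS="${SURICATAOPTS} -c ${SURICATACONF}"`. SURICATACONF is assigned above the hunk, so whether it can actually be empty is not visible here. A short comment would also help the next maintainer, e.g. `# -c is added only when the file exists; otherwise SURICATA_OPTS must carry the needed settings`.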
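Review bot: The missing-config branch of checkconfig() should warn rather than inform: with `einfo` and no `return 1`, an IDS whose config file was renamed or lost is started from whatever SURICATA_OPTS holds, and nothing in the console output marks that as abnormal. Use `ewarn` for the three messages so the condition stands out, and quote the path in the test, `if [ ! -e "${SURICATACONF}" ] ; then`. The function's return value now comes from the `/var/run/suricata` check, whose end lies outside the hunk, so what `checkconfig || return 1` in start() receives cannot be confirmed from here.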
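Review bot: The `-e` test on ${SURICATAPID} in initpidinfo() (also in the checkpidinfo() hunk and the first wait loop of stop()) accepts a directory, FIFO or other non-regular file where `-f` did not, and `cat` on a FIFO would block the init script, which normally runs as root. The commit message does not say why the stricter test was dropped; unless bug 602590 requires it, keep `-f` and quote the path: `[ -f "${SURICATAPID}" ] && SUR_PID="$(cat "${SURICATAPID}")"`. The value read here is later expanded unquoted into `ps` and `grep` arguments, so it is worth rejecting anything that is not purely digits before it is used.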
@@ -65,12 +67,11 @@ start() { checkconfig || return 1 ebegin "Starting ${SVCNAME}" start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \ - -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \ - -c ${SURICATACONF} >/dev/null 2>&1 + -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} >/dev/null 2>&1 local SUR_EXIT=$? if [ $((SUR_EXIT)) -ne 0 ]; then einfo "Could not start ${SURICATA_BIN} with:" - einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} -c ${SURICATACONF}" + einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS}" einfo "Exit code ${SUR_EXIT}" fi eend ${SUR_EXIT} @@ -80,14 +81,13 @@ stop() { ebegin "Stopping ${SVCNAME}" initpidinfo start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1 - einfon "Waiting for ${SVCNAME} to shut down. This can take a while..." - echo + einfo "Waiting for ${SVCNAME} to shut down. This can take a while..." # max wait: 5 minutes as it can take quite a while on some systems with heavy traffic local cnt=300 - while [ -f ${SURICATAPID} ] && [ $cnt -gt 0 ]; do + while [ -e ${SURICATAPID} ] && [ $cnt -gt 0 ]; do cnt=$(expr $cnt - 1) sleep 1 - echo -ne "$cnt seconds left before we give up checking the PID file...\r" + einfo -ne "$cnt seconds left before we give up checking the PID file...\r" done # under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed # max wait for process to terminate: 1 minute 
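Review bot: A failed launch in start() is still reported with `einfo` while Suricata's own output is discarded by `>/dev/null 2>&1`, which matters more now that the config file is optional and a start with too few options becomes a likely failure mode. Report the failure lines with `eerror`, e.g. `eerror "Could not start ${SURICATA_BIN} with:"`, and consider keeping stderr so the admin sees the engine's own message. `${SURICATAOPTS}` is expanded unquoted for word splitting, so a config path containing spaces will not survive the `-c` that is now embedded in it; a one-line comment stating that limitation would help.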
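Review bot: `einfo -ne "$cnt seconds left ...\r"` in the stop() wait loop (and again in the `@@ -95,19 +95,17 @@` hunk) will not behave like the `echo -ne` it replaces. As far as I know einfo treats its arguments as message text, so `-ne` and the `\r` are printed literally and each pass adds a new line, up to 300 of them in this loop. Either drop the per-second countdown or print only occasionally, e.g. `[ $((cnt % 30)) -eq 0 ] && einfo "${cnt} seconds left before we give up checking the PID file"`. stop() continues outside this hunk.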
@@ -95,19 +95,17 @@ stop() { cnt=60 SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" if [ $((SUR_PID_CHECK)) -ne 0 ]; then - echo einfo "The PID file ${SURICATAPID} is gone but the ${SVCNAME} PID ${SUR_PID} is still running." einfo "Waiting for process to shut down on its own. This can take a while..." fi while [ $((SUR_PID_CHECK)) -ne 0 ]; do cnt=$(expr $cnt - 1) if [ $cnt -lt 1 ] ; then - echo eend 1 "Failed. You might need to kill PID ${SUR_PID} or find out why it can't be stopped." break fi sleep 1 - echo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r" + einfo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r" SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})" done fi diff --git a/net-analyzer/suricata/suricata-3.2.ebuild b/net-analyzer/suricata/suricata-3.2.ebuild index 078186b..ba4903c 100644 --- a/net-analyzer/suricata/suricata-3.2.ebuild +++ b/net-analyzer/suricata/suricata-3.2.ebuild @@ -118,8 +118,6 @@ src_install() { dodir "/var/lib/${PN}" dodir "/var/log/${PN}" - dodir "/var/log/${PN}" \ - "/var/lib/${PN}" fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}" fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
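Review bot: The liveness check `ps -eo pid | grep -c ${SUR_PID}` kept in this part of stop() (the same expression appears in initpidinfo()) counts substring matches, so PID 123 also matches 1234 or 5123. The loop can then wait the full minute and report a failure for a process that has already exited, or checkpidinfo() can see a count other than 1 for a healthy daemon. Match the whole PID and quote it: `SUR_PID_CHECK="$(ps -eo pid | grep -cw -- "${SUR_PID}")"`. The enclosing `if` opens above the hunk, so whether SUR_PID is guaranteed non-empty at this point is not visible.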