* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2016-12-15 6:17 Slawek Lis
0 siblings, 0 replies; 11+ messages in thread
From: Slawek Lis @ 2016-12-15 6:17 UTC (permalink / raw
To: gentoo-commits
commit: c0f80ffc742747068ff2850114a76afb05ffea09
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 15 06:16:44 2016 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Thu Dec 15 06:16:44 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0f80ffc
net-analyzer/suricata: Version bump to 3.2
Reported in bug 602590.
Reported-By: Vieri <rentorbuy <AT> yahoo.com>
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/Manifest | 1 +
net-analyzer/suricata/files/suricata-3.2-conf | 31 ++++++
net-analyzer/suricata/files/suricata-3.2-init | 82 +++++++++++++++
net-analyzer/suricata/suricata-3.2.ebuild | 139 ++++++++++++++++++++++++++
4 files changed, 253 insertions(+)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index a2dfaa8..82918e3 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -3,3 +3,4 @@ DIST suricata-3.0.1.tar.gz 3315637 SHA256 74c685f8da51b3f038a7b8185bdbed274aca25
DIST suricata-3.1.2.tar.gz 3338099 SHA256 f9e7742580849f202254e75d9fc245ba53f4d7490f47a6d30f02a7b10aacc512 SHA512 93332193d424b44a7bad5e49132b652a87bcfde3959ab8d0f8229ff41c7db63f49511899a709bb12431c57ded8ddbca8a596a83dde01f979154a4412ae2dc316 WHIRLPOOL 369c5ac924f64bbc79d9233912b3b6b66424b02f6b2af721c19e571d23465ca3f9d6ee2ada15499bb29abe987788a4a59f0a8dd7145a14055b12bf22cb40a9fd
DIST suricata-3.1.3.tar.gz 3340627 SHA256 bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174 SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb WHIRLPOOL 720f668480bfa05e7e6c32bb63f09af6d38e46b909ab4d0d9879cd069436215eb3b4bb1778147de82344b6879a1b3e04da0af2e14084bb1b74472ecc727c4ebe
DIST suricata-3.1.tar.gz 3327181 SHA256 a05aa534166495a4d9ea6104a936bc8edb49376aeb3ba0b1b2a4d9687d016669 SHA512 64483951136f064ed3ad0e01276ac633e53aed511d5517b67d6ab2b81e7c2af436dcece7f8a2576c741cd79d19176da622775ff580f2f0cf747fd134ddcfd352 WHIRLPOOL 39a79626ab496789676a39f62cf2c6cfdfc592d0d04add63f711d7487364fcdd54be63d73b0529b39a5ef9aa30dadaf5ae5af57ff51cf65d9ecfd2ea5f2451ff
+DIST suricata-3.2.tar.gz 11732080 SHA256 41cbe19c6fd6bd51ebcbc29063f558e2fbba4a2450e5809fee2e461f16a4ed68 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e WHIRLPOOL b6d4c2c08e34da2b4dee4087831a0a9dcad836737489e2599938d74b74c624e455d0f1299ef7c4e70df038ac13dcd29344c2117b44310f8dc42d9f0fad0c3e15
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
new file mode 100644
index 00000000..dfb1471
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -0,0 +1,31 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
+# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic for each queue.
+# This should help improve performance on the gateway/firewall.
+# Suppose you configured iptables to use queues 0 and 1. You can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+# mkdir /var/log/suricata/q{0,1}
+# Edit both suricata-q{0,1}.yaml files and set values accordingly (eg. set the suricata.log file path to
+# a dedicated dir in the section "logging:outputs:-file").
+# You can then define the following options here:
+
+# SURICATA_OPTS[q0]="-q 0 -l /var/log/suricata/q0"
+# SURICATA_OPTS[q1]="-q 1 -l /var/log/suricata/q1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
+# then you can set:
+
+# SURICATA_OPTIONS="-i eth0"
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
new file mode 100644
index 00000000..2a9d46f
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -0,0 +1,82 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
+SURICATA=${SVCNAME#*.}
+if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
+ SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml"
+ SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
+ SURICATAOPTS=${SURICATA_OPTS[${SURICATA}]}
+else
+ SURICATACONF="${SURICATA_DIR}/suricata.yaml"
+ SURICATAPID="/var/run/suricata/suricata.pid"
+ SURICATAOPTS=${SURICATA_OPTIONS}
+fi
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -e ${SURICATACONF} ] ; then
+ eerror "You need to create ${SURICATACONF} to run ${SVCNAME}."
+ return 1
+ fi
+ if [ ! -d "/var/run/suricata" ] ; then
+ checkpath -d /var/run/suricata
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --quiet --exec /usr/bin/suricata \
+ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \
+ -c ${SURICATACONF} >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+ einfon "Waiting for ${SVCNAME} to shut down. This can take a while..."
+ echo
+ # max wait: 5 minutes as it can take quite a while on some systems with heavy traffic
+ cnt=300
+ while [ -f ${SURICATAPID} ]; do
+ cnt=$(expr $cnt - 1)
+ if [ $cnt -lt 1 ] ; then
+ echo
+ eend 1 "Failed."
+ break
+ fi
+ sleep 1
+ echo -ne "$cnt seconds left before we give up\r"
+ done
+ eend $?
+}
+
+reload() {
+
+ local SUR_PID="`cat ${SURICATAPID}`"
+ local SUR_USER="`ps -p ${SUR_PID} --no-headers -o user`"
+
+ if [ ! -f ${SURICATAPID} ]; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ elif [ ${SUR_USER} != root ]; then
+ eerror "${SVCNAME} must be running as root for reload to work!"
+ return 1
+ else
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+ fi
+}
diff --git a/net-analyzer/suricata/suricata-3.2.ebuild b/net-analyzer/suricata/suricata-3.2.ebuild
new file mode 100644
index 00000000..2bd57bd
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2.ebuild
@@ -0,0 +1,139 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+ >=dev-libs/jansson-2.2
+ dev-libs/libpcre
+ dev-libs/libyaml
+ net-libs/libnet:*
+ net-libs/libnfnetlink
+ dev-libs/nspr
+ dev-libs/nss
+ >=net-libs/libhtp-0.5.20
+ net-libs/libpcap
+ sys-apps/file
+ cuda? ( dev-util/nvidia-cuda-toolkit )
+ geoip? ( dev-libs/geoip )
+ lua? ( dev-lang/lua:* )
+ luajit? ( dev-lang/luajit:* )
+ nflog? ( net-libs/libnetfilter_log )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ redis? ( dev-libs/hiredis )
+"
+# #446814
+# prelude? ( dev-libs/libprelude )
+# pfring? ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ "--localstatedir=/var/" \
+ "--enable-non-bundled-htp" \
+ $(use_enable af-packet) \
+ $(use_enable detection) \
+ $(use_enable nfqueue) \
+ $(use_enable test coccinelle) \
+ $(use_enable test unittests) \
+ $(use_enable control-socket unix-socket)
+ )
+
+ if use cuda ; then
+ myeconfargs+=( $(use_enable cuda) )
+ fi
+ if use debug ; then
+ myeconfargs+=( $(use_enable debug) )
+ fi
+ if use geoip ; then
+ myeconfargs+=( $(use_enable geoip) )
+ fi
+ if use hardened ; then
+ myeconfargs+=( $(use_enable hardened gccprotect) )
+ fi
+ if use nflog ; then
+ myeconfargs+=( $(use_enable nflog) )
+ fi
+ if use redis ; then
+ myeconfargs+=( $(use_enable redis hiredis) )
+ fi
+ # not supported yet (no pfring in portage)
+# if use pfring ; then
+# myeconfargs+=( $(use_enable pfring) )
+# fi
+ # no libprelude in portage
+# if use prelude ; then
+# myeconfargs+=( $(use_enable prelude) )
+# fi
+ if use lua ; then
+ myeconfargs+=( $(use_enable lua) )
+ fi
+ if use luajit ; then
+ myeconfargs+=( $(use_enable luajit) )
+ fi
+
+# this should be used when pf_ring use flag support will be added
+# LIBS+="-lrt -lnuma"
+
+ econf LIBS="${LIBS}" ${myeconfargs[@]}
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ insinto "/etc/${PN}"
+ doins {classification,reference,threshold}.config suricata.yaml
+
+ if use rules ; then
+ insinto "/etc/${PN}/rules"
+ doins rules/*.rules
+ fi
+
+ dodir "/var/lib/${PN}"
+ dodir "/var/log/${PN}"
+ dodir "/var/log/${PN}" \
+ "/var/lib/${PN}"
+
+ fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+ newinitd "${FILESDIR}/${P}-init" ${PN}
+ newconfd "${FILESDIR}/${P}-conf" ${PN}
+}
+
+pkg_postinst() {
+ elog "The ${PN} init script expects to find the path to the configuration"
+ elog "file as well as extra options in /etc/conf.d."
+ elog ""
+ elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+ elog "then create a symlink to the init script from a link called"
+ elog "${PN}.foo - like so"
+ elog " cd /etc/${PN}"
+ elog " ${EDITOR##*/} suricata-foo.yaml"
+ elog " cd /etc/init.d"
+ elog " ln -s ${PN} ${PN}.foo"
+ elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+ elog ""
+ elog "You can create as many ${PN}.foo* services as you wish."
+}
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2016-12-22 11:32 Slawek Lis
0 siblings, 0 replies; 11+ messages in thread
From: Slawek Lis @ 2016-12-22 11:32 UTC (permalink / raw
To: gentoo-commits
commit: be92f97f24e7867078e10efa0ee191b770cbf143
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 22 11:35:30 2016 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Thu Dec 22 11:35:30 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be92f97f
net-analyzer/suricata: Updated init script
Applied patches sent in order to bug 602590.
Now it's possible to run one or many instances of suricata.
Thanks to Vieri <rentorbuy <AT> yahoo.com> for help.
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/files/suricata-3.2-conf | 17 +++--
net-analyzer/suricata/files/suricata-3.2-init | 105 +++++++++++++++++++-------
net-analyzer/suricata/suricata-3.2.ebuild | 21 ++++--
3 files changed, 102 insertions(+), 41 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
index dfb1471..bc6e281 100644
--- a/net-analyzer/suricata/files/suricata-3.2-conf
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -5,27 +5,28 @@
# SURICATA_DIR="/etc/suricata"
# Pass options to each suricata service.
+#
# You can launch more than one service at the same time with different options.
# This can be useful in a multi-queue gateway, for example.
# You can expand on the Suricata inline example found at:
-# https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
# on several queues. You can then have a Suricata instance processing traffic for each queue.
# This should help improve performance on the gateway/firewall.
-# Suppose you configured iptables to use queues 0 and 1. You can now do the following:
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
-# mkdir /var/log/suricata/q{0,1}
-# Edit both suricata-q{0,1}.yaml files and set values accordingly (eg. set the suricata.log file path to
-# a dedicated dir in the section "logging:outputs:-file").
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+#
# You can then define the following options here:
-# SURICATA_OPTS[q0]="-q 0 -l /var/log/suricata/q0"
-# SURICATA_OPTS[q1]="-q 1 -l /var/log/suricata/q1"
+# SURICATA_OPTS_q0="-i eth0"
+# SURICATA_OPTS_q1="-i eth1"
# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
# then you can set:
-# SURICATA_OPTIONS="-i eth0"
+SURICATA_OPTS="-i eth0"
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
index 2a9d46f..3a9c356 100644
--- a/net-analyzer/suricata/files/suricata-3.2-init
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -3,20 +3,22 @@
# Distributed under the terms of the GNU General Public License v2
# $Id$
+SURICATA_BIN=/usr/bin/suricata
SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
SURICATA=${SVCNAME#*.}
+SURICATAID=$(shell_var "${SURICATA}")
if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml"
SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
- SURICATAOPTS=${SURICATA_OPTS[${SURICATA}]}
+ eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
else
SURICATACONF="${SURICATA_DIR}/suricata.yaml"
SURICATAPID="/var/run/suricata/suricata.pid"
- SURICATAOPTS=${SURICATA_OPTIONS}
+ SURICATAOPTS=${SURICATA_OPTS}
fi
extra_commands="checkconfig"
-extra_started_commands="reload"
+extra_started_commands="reload relog"
depend() {
need net
@@ -34,49 +36,96 @@ checkconfig() {
fi
}
+initpidinfo() {
+ [ -f ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+ if [ ${#SUR_PID} -gt 0 ]; then
+ SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+ SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
+ fi
+}
+
+checkpidinfo() {
+ initpidinfo
+ if [ ! -f ${SURICATAPID} ]; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
+ eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
+ return 1
+ elif [ ${#SUR_USER} -eq 0 ]; then
+ eerror "Unable to determine user running ${SVCNAME}!"
+ return 1
+ elif [ "x${SUR_USER}" != "xroot" ]; then
+ eerror "${SVCNAME} must be running as root for reload or relog to work!"
+ return 1
+ fi
+}
+
start() {
checkconfig || return 1
ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --quiet --exec /usr/bin/suricata \
+ start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
-- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} \
-c ${SURICATACONF} >/dev/null 2>&1
- eend $?
+ local SUR_EXIT=$?
+ if [ $((SUR_EXIT)) -ne 0 ]; then
+ einfo "Could not start ${SURICATA_BIN} with:"
+ einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} -c ${SURICATACONF}"
+ einfo "Exit code ${SUR_EXIT}"
+ fi
+ eend ${SUR_EXIT}
}
stop() {
ebegin "Stopping ${SVCNAME}"
+ initpidinfo
start-stop-daemon --stop --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
einfon "Waiting for ${SVCNAME} to shut down. This can take a while..."
echo
# max wait: 5 minutes as it can take quite a while on some systems with heavy traffic
- cnt=300
- while [ -f ${SURICATAPID} ]; do
+ local cnt=300
+ while [ -f ${SURICATAPID} ] && [ $cnt -gt 0 ]; do
cnt=$(expr $cnt - 1)
- if [ $cnt -lt 1 ] ; then
- echo
- eend 1 "Failed."
- break
- fi
sleep 1
- echo -ne "$cnt seconds left before we give up\r"
+ echo -ne "$cnt seconds left before we give up checking the PID file...\r"
done
- eend $?
+ # under certain conditions suricata can be pretty slow and the PID can persist long after the pidfile has been removed
+ # max wait for process to terminate: 1 minute
+ if [ ${#SUR_PID} -gt 0 ]; then
+ cnt=60
+ SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+ if [ $((SUR_PID_CHECK)) -ne 0 ]; then
+ echo
+ einfo "The PID file ${SURICATAPID} is gone but the ${SVCNAME} PID ${SUR_PID} is still running."
+ einfo "Waiting for process to shut down on its own. This can take a while..."
+ fi
+ while [ $((SUR_PID_CHECK)) -ne 0 ]; do
+ cnt=$(expr $cnt - 1)
+ if [ $cnt -lt 1 ] ; then
+ echo
+ eend 1 "Failed. You might need to kill PID ${SUR_PID} or find out why it can't be stopped."
+ break
+ fi
+ sleep 1
+ echo -ne "$cnt seconds left before we give up checking PID ${SUR_PID}...\r"
+ SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+ done
+ fi
+ eend 0
}
reload() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
+ start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
+ eend $?
+}
- local SUR_PID="`cat ${SURICATAPID}`"
- local SUR_USER="`ps -p ${SUR_PID} --no-headers -o user`"
-
- if [ ! -f ${SURICATAPID} ]; then
- eerror "${SVCNAME} isn't running"
- return 1
- elif [ ${SUR_USER} != root ]; then
- eerror "${SVCNAME} must be running as root for reload to work!"
- return 1
- else
- checkconfig || return 1
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
- fi
+relog() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
+ start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+ eend $?
}
diff --git a/net-analyzer/suricata/suricata-3.2.ebuild b/net-analyzer/suricata/suricata-3.2.ebuild
index 2bd57bd..078186b 100644
--- a/net-analyzer/suricata/suricata-3.2.ebuild
+++ b/net-analyzer/suricata/suricata-3.2.ebuild
@@ -63,9 +63,6 @@ src_configure() {
if use cuda ; then
myeconfargs+=( $(use_enable cuda) )
fi
- if use debug ; then
- myeconfargs+=( $(use_enable debug) )
- fi
if use geoip ; then
myeconfargs+=( $(use_enable geoip) )
fi
@@ -96,7 +93,16 @@ src_configure() {
# this should be used when pf_ring use flag support will be added
# LIBS+="-lrt -lnuma"
- econf LIBS="${LIBS}" ${myeconfargs[@]}
+ # avoid upstream configure script trying to add -march=native to CFLAGS
+ myeconfargs+=( --enable-gccmarch-native=no )
+
+ if use debug ; then
+ myeconfargs+=( $(use_enable debug) )
+ # so we can get a backtrace according to "reporting bugs" on upstream web site
+ CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+ else
+ econf LIBS="${LIBS}" ${myeconfargs[@]}
+ fi
}
src_install() {
@@ -124,7 +130,7 @@ src_install() {
pkg_postinst() {
elog "The ${PN} init script expects to find the path to the configuration"
- elog "file as well as extra options in /etc/conf.d."
+ elog "file as well as extra options in /etc/conf.d"
elog ""
elog "To create more than one ${PN} service, simply create a new .yaml file for it"
elog "then create a symlink to the init script from a link called"
@@ -136,4 +142,9 @@ pkg_postinst() {
elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
elog ""
elog "You can create as many ${PN}.foo* services as you wish."
+
+ if use debug; then
+ elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+ elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+ fi
}
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2017-02-17 5:40 Slawek Lis
0 siblings, 0 replies; 11+ messages in thread
From: Slawek Lis @ 2017-02-17 5:40 UTC (permalink / raw
To: gentoo-commits
commit: 8613b63b558801c7a1c904358505b65b5906d1a3
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 17 05:39:45 2017 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Fri Feb 17 05:39:45 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8613b63b
net-analyzer/suricata: version bump to 3.2.1
Reported in #609426
Package-Manager: Portage-2.3.3, Repoman-2.3.1
net-analyzer/suricata/Manifest | 1 +
net-analyzer/suricata/files/suricata-3.2.1-conf | 62 +++++++++
net-analyzer/suricata/files/suricata-3.2.1-init | 148 ++++++++++++++++++++++
net-analyzer/suricata/suricata-3.2.1.ebuild | 162 ++++++++++++++++++++++++
4 files changed, 373 insertions(+)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index 4730f83276..06c2f94487 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1,4 +1,5 @@
DIST suricata-2.0.11.tar.gz 3091124 SHA256 c607f1e18e5636830f42a83f7c67e1466f07db82853f3a9dba4ab8c6c3bc656e SHA512 659e893fef3cdcca8440f2af7596d5cc58b142d3350b9ea5ba57d855c6759a00adafeb15a1dfe91dd55eca1437487eb4e842b4e2913d12417f0b906ca3d54ec9 WHIRLPOOL 5cfa55abd90284a0a3441853af9db18075a23fa5661d89448b409b8fdd1031ad348d76d455b7dfe7b2688e69633f5bbb65dc060cc2426af017ab1bcb824c9ac5
DIST suricata-3.0.1.tar.gz 3315637 SHA256 74c685f8da51b3f038a7b8185bdbed274aca25daf64ac7ea01eea60636727f26 SHA512 cd10f5b19dd7b6ccbed668263b54d93738842191e71391b040aa7fc2049ac597feb38cd333f07b15d30ebeaf778f6abe18b72215e609891608dca094531c7fd8 WHIRLPOOL a1f6c8ee760cac9e3daa3358e89d30b4a24441fb975214ae2fe165fcb697b4292e035007323041febdc0d8f09b16666515aba76f60f1e437d865193db3deb25d
DIST suricata-3.1.3.tar.gz 3340627 SHA256 bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174 SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb WHIRLPOOL 720f668480bfa05e7e6c32bb63f09af6d38e46b909ab4d0d9879cd069436215eb3b4bb1778147de82344b6879a1b3e04da0af2e14084bb1b74472ecc727c4ebe
+DIST suricata-3.2.1.tar.gz 11754332 SHA256 0e0b0cf49016804bb2fb1fc4327341617e76a67902f4e03e0ef6d16c1d7d3994 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290 WHIRLPOOL 6469191d11f8bd3cf4fab80650d4fbf380c74e3502867e446f57fd297d3f8bbd9b23e452dcb2c559496e8f64f9e9822c5f0303a6351ec13a32fd172a39d3ca05
DIST suricata-3.2.tar.gz 11732080 SHA256 41cbe19c6fd6bd51ebcbc29063f558e2fbba4a2450e5809fee2e461f16a4ed68 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e WHIRLPOOL b6d4c2c08e34da2b4dee4087831a0a9dcad836737489e2599938d74b74c624e455d0f1299ef7c4e70df038ac13dcd29344c2117b44310f8dc42d9f0fad0c3e15
diff --git a/net-analyzer/suricata/files/suricata-3.2.1-conf b/net-analyzer/suricata/files/suricata-3.2.1-conf
new file mode 100644
index 0000000000..655b947fdd
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2.1-conf
@@ -0,0 +1,62 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+#
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
+# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic for each queue.
+# This should help improve performance on the gateway/firewall.
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+# You can override these yaml config file names with SURICATA_CONF* below (optional).
+# This allows you to use the same yaml config file for multiple instances as long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
+
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
+# then you can set:
+
+SURICATA_OPTS="-i eth0"
+
+# Log paths listed here will be created by the init script and will override the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
+# Examples:
+# SURICATA_MAX_WAIT_ON_STOP="300"
+# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
diff --git a/net-analyzer/suricata/files/suricata-3.2.1-init b/net-analyzer/suricata/files/suricata-3.2.1-init
new file mode 100644
index 0000000000..05f05dd9c5
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2.1-init
@@ -0,0 +1,148 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+SURICATA_BIN=/usr/bin/suricata
+SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
+SURICATA=${SVCNAME#*.}
+SURICATAID=$(shell_var "${SURICATA}")
+if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
+ eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+ SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
+ eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
+ eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
+ eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
+ eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
+else
+ SURICATACONF=${SURICATA_CONF}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+ SURICATAPID="/var/run/suricata/suricata.pid"
+ SURICATAOPTS=${SURICATA_OPTS}
+ SURICATALOGPATH=${SURICATA_LOG_FILE}
+ SURICATAUSER=${SURICATA_USER}
+ SURICATAGROUP=${SURICATA_GROUP}
+fi
+SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
+SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
+[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
+[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
+
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
+extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -d "/var/run/suricata" ] ; then
+ checkpath -d /var/run/suricata
+ fi
+ if [ ${#SURICATALOGPATH} -gt 0 ]; then
+ SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
+ SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+ SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
+ if [ ! -d "${SURICATALOGPATH}" ] ; then
+ checkpath -d "${SURICATALOGPATH}"
+ fi
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
+ chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
+ chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
+ fi
+ SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
+ SURICATALOGPATH="-l ${SURICATALOGPATH}"
+ fi
+ if [ ! -e ${SURICATACONF} ] ; then
+ einfo "The configuration file ${SURICATACONF} was not found."
+ einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
+ einfo "Take a look at the suricata arguments --set and --dump-config."
+ fi
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
+ SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
+ fi
+}
+
+initpidinfo() {
+ [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+ if [ ${#SUR_PID} -gt 0 ]; then
+ SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+ SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
+ fi
+}
+
+checkpidinfo() {
+ initpidinfo
+ if [ ! -e ${SURICATAPID} ]; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
+ eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
+ return 1
+ elif [ ${#SUR_USER} -eq 0 ]; then
+ eerror "Unable to determine user running ${SVCNAME}!"
+ return 1
+ elif [ "x${SUR_USER}" != "xroot" ]; then
+ ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
+ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
+ local SUR_EXIT=$?
+ if [ $((SUR_EXIT)) -ne 0 ]; then
+ einfo "Could not start ${SURICATA_BIN} with:"
+ einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
+ einfo "Exit code ${SUR_EXIT}"
+ fi
+ eend ${SUR_EXIT}
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+ eend $?
+}
+
+reload() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
+ else
+ start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
+ fi
+ eend $?
+}
+
+relog() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
+ else
+ start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+ fi
+ eend $?
+}
+
+dump() {
+ checkconfig || return 1
+ ebegin "Dumping ${SVCNAME} config values and quitting."
+ ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+ eend $?
+}
diff --git a/net-analyzer/suricata/suricata-3.2.1.ebuild b/net-analyzer/suricata/suricata-3.2.1.ebuild
new file mode 100644
index 0000000000..9d39b833ee
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2.1.ebuild
@@ -0,0 +1,162 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+ >=dev-libs/jansson-2.2
+ dev-libs/libpcre
+ dev-libs/libyaml
+ net-libs/libnet:*
+ net-libs/libnfnetlink
+ dev-libs/nspr
+ dev-libs/nss
+ >=net-libs/libhtp-0.5.20
+ net-libs/libpcap
+ sys-apps/file
+ cuda? ( dev-util/nvidia-cuda-toolkit )
+ geoip? ( dev-libs/geoip )
+ lua? ( dev-lang/lua:* )
+ luajit? ( dev-lang/luajit:* )
+ nflog? ( net-libs/libnetfilter_log )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ redis? ( dev-libs/hiredis )
+ logrotate? ( app-admin/logrotate )
+ sys-libs/libcap-ng
+"
+# #446814
+# prelude? ( dev-libs/libprelude )
+# pfring? ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+ eautoreconf
+}
+
+src_configure() {
+ local myeconfargs=(
+ "--localstatedir=/var/" \
+ "--enable-non-bundled-htp" \
+ $(use_enable af-packet) \
+ $(use_enable detection) \
+ $(use_enable nfqueue) \
+ $(use_enable test coccinelle) \
+ $(use_enable test unittests) \
+ $(use_enable control-socket unix-socket)
+ )
+
+ if use cuda ; then
+ myeconfargs+=( $(use_enable cuda) )
+ fi
+ if use geoip ; then
+ myeconfargs+=( $(use_enable geoip) )
+ fi
+ if use hardened ; then
+ myeconfargs+=( $(use_enable hardened gccprotect) )
+ fi
+ if use nflog ; then
+ myeconfargs+=( $(use_enable nflog) )
+ fi
+ if use redis ; then
+ myeconfargs+=( $(use_enable redis hiredis) )
+ fi
+ # not supported yet (no pfring in portage)
+# if use pfring ; then
+# myeconfargs+=( $(use_enable pfring) )
+# fi
+ # no libprelude in portage
+# if use prelude ; then
+# myeconfargs+=( $(use_enable prelude) )
+# fi
+ if use lua ; then
+ myeconfargs+=( $(use_enable lua) )
+ fi
+ if use luajit ; then
+ myeconfargs+=( $(use_enable luajit) )
+ fi
+
+# this should be used when pf_ring use flag support will be added
+# LIBS+="-lrt -lnuma"
+
+ # avoid upstream configure script trying to add -march=native to CFLAGS
+ myeconfargs+=( --enable-gccmarch-native=no )
+
+ if use debug ; then
+ myeconfargs+=( $(use_enable debug) )
+ # so we can get a backtrace according to "reporting bugs" on upstream web site
+ CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+ else
+ econf LIBS="${LIBS}" ${myeconfargs[@]}
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ insinto "/etc/${PN}"
+ doins {classification,reference,threshold}.config suricata.yaml
+
+ if use rules ; then
+ insinto "/etc/${PN}/rules"
+ doins rules/*.rules
+ fi
+
+ dodir "/var/lib/${PN}"
+ dodir "/var/log/${PN}"
+
+ fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+ newinitd "${FILESDIR}/${P}-init" ${PN}
+ newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+ if use logrotate; then
+ insopts -m0644
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}-logrotate ${PN}
+ fi
+}
+
+pkg_postinst() {
+ elog "The ${PN} init script expects to find the path to the configuration"
+ elog "file as well as extra options in /etc/conf.d."
+ elog ""
+ elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+ elog "then create a symlink to the init script from a link called"
+ elog "${PN}.foo - like so"
+ elog " cd /etc/${PN}"
+ elog " ${EDITOR##*/} suricata-foo.yaml"
+ elog " cd /etc/init.d"
+ elog " ln -s ${PN} ${PN}.foo"
+ elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+ elog ""
+ elog "You can create as many ${PN}.foo* services as you wish."
+
+ if use logrotate; then
+ elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
+ fi
+
+ if use debug; then
+ elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+ elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+ elog "You need to also ensure the FEATURES variable in make.conf contains the"
+ elog "'nostrip' option to produce useful core dumps or back traces."
+ fi
+}
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2019-09-08 19:25 Slawek Lis
0 siblings, 0 replies; 11+ messages in thread
From: Slawek Lis @ 2019-09-08 19:25 UTC (permalink / raw
To: gentoo-commits
commit: dc1b127212527643b0346fe711558136bfc25ad0
Author: Slawomir Lis <slis <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 8 18:58:59 2019 +0000
Commit: Slawek Lis <slis <AT> gentoo <DOT> org>
CommitDate: Sun Sep 8 19:24:40 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc1b1272
net-analyzer/suricata: fixed build error related with SIOCGSTAMP
Closes: https://bugs.gentoo.org/692546
Package-Manager: Portage-2.3.75, Repoman-2.3.17
Signed-off-by: Slawek Lis <slis <AT> gentoo.org>
net-analyzer/suricata/files/suricata-4.0.4_sockios.patch | 13 +++++++++++++
net-analyzer/suricata/suricata-4.0.4.ebuild | 5 +++--
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch
new file mode 100644
index 00000000000..a341d9c159f
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch
@@ -0,0 +1,13 @@
+--- src/source-af-packet.c.orig 2019-09-08 20:50:06.416466432 +0200
++++ src/source-af-packet.c 2019-09-08 20:53:26.144471385 +0200
+@@ -70,6 +70,10 @@
+
+ #ifdef HAVE_AF_PACKET
+
++#ifdef HAVE_LINUX_SOCKIOS_H
++#include <linux/sockios.h>
++#endif
++
+ #if HAVE_SYS_IOCTL_H
+ #include <sys/ioctl.h>
+ #endif
diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild
index 2622dccdb3b..f476bfe2ae2 100644
--- a/net-analyzer/suricata/suricata-4.0.4.ebuild
+++ b/net-analyzer/suricata/suricata-4.0.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=5
@@ -46,7 +46,8 @@ pkg_setup() {
}
src_prepare() {
- epatch "${FILESDIR}"/${P}_configure-lua-flags.patch
+ epatch "${FILESDIR}/${P}_configure-lua-flags.patch"
+ epatch "${FILESDIR}/${P}_sockios.patch"
eautoreconf
}
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2019-12-16 18:14 Marek Szuba
0 siblings, 0 replies; 11+ messages in thread
From: Marek Szuba @ 2019-12-16 18:14 UTC (permalink / raw
To: gentoo-commits
commit: f3fe5e0ccbcf0af56e2d7e0c2c6231a2026df2f9
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 16 18:10:25 2019 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Mon Dec 16 18:10:25 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3fe5e0c
net-analyzer/suricata: remove vulnerable 4.0.4
Bug: https://bugs.gentoo.org/690196
Bug: https://bugs.gentoo.org/686428
Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/Manifest | 1 -
.../files/suricata-4.0.4_configure-lua-flags.patch | 16 --
.../suricata/files/suricata-4.0.4_sockios.patch | 13 --
.../{suricata-4.0.4-conf => suricata-5.0.0-conf} | 0
.../{suricata-4.0.4-init => suricata-5.0.0-init} | 0
net-analyzer/suricata/suricata-4.0.4.ebuild | 171 ---------------------
net-analyzer/suricata/suricata-5.0.0.ebuild | 4 +-
7 files changed, 2 insertions(+), 203 deletions(-)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index 72532b86510..16a7c6ae731 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1,2 +1 @@
-DIST suricata-4.0.4.tar.gz 12511121 BLAKE2B d9dfb00a45c2e9810409a8ce91a83e23ebce20eb28492bf24f9688d292b5805dca932c39cc673cf1148325fe5ef7936dda7f6c7819605753cb2e2ddc1cf5dba0 SHA512 6e158aa6d3edb9d11e0df3f986392ee2ae49ab4dfb978288ced4484dbe5c08ae061db2a566be6d22cf14bd0b88f87f9cb9c0a657d7fc44e099b8783d933c771e
DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e
diff --git a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch
deleted file mode 100644
index bad66359afa..00000000000
--- a/net-analyzer/suricata/files/suricata-4.0.4_configure-lua-flags.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -1749,11 +1749,11 @@
- # liblua
- AC_ARG_ENABLE(lua,
- AS_HELP_STRING([--enable-lua],[Enable Lua support]),
-- [ enable_lua="yes"],
-+ [],
- [ enable_lua="no"])
- AC_ARG_ENABLE(luajit,
- AS_HELP_STRING([--enable-luajit],[Enable Luajit support]),
-- [ enable_luajit="yes"],
-+ [],
- [ enable_luajit="no"])
- if test "$enable_lua" = "yes"; then
- if test "$enable_luajit" = "yes"; then
diff --git a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch b/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch
deleted file mode 100644
index a341d9c159f..00000000000
--- a/net-analyzer/suricata/files/suricata-4.0.4_sockios.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- src/source-af-packet.c.orig 2019-09-08 20:50:06.416466432 +0200
-+++ src/source-af-packet.c 2019-09-08 20:53:26.144471385 +0200
-@@ -70,6 +70,10 @@
-
- #ifdef HAVE_AF_PACKET
-
-+#ifdef HAVE_LINUX_SOCKIOS_H
-+#include <linux/sockios.h>
-+#endif
-+
- #if HAVE_SYS_IOCTL_H
- #include <sys/ioctl.h>
- #endif
diff --git a/net-analyzer/suricata/files/suricata-4.0.4-conf b/net-analyzer/suricata/files/suricata-5.0.0-conf
similarity index 100%
rename from net-analyzer/suricata/files/suricata-4.0.4-conf
rename to net-analyzer/suricata/files/suricata-5.0.0-conf
diff --git a/net-analyzer/suricata/files/suricata-4.0.4-init b/net-analyzer/suricata/files/suricata-5.0.0-init
similarity index 100%
rename from net-analyzer/suricata/files/suricata-4.0.4-init
rename to net-analyzer/suricata/files/suricata-5.0.0-init
diff --git a/net-analyzer/suricata/suricata-4.0.4.ebuild b/net-analyzer/suricata/suricata-4.0.4.ebuild
deleted file mode 100644
index 2ea320ca46b..00000000000
--- a/net-analyzer/suricata/suricata-4.0.4.ebuild
+++ /dev/null
@@ -1,171 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-inherit autotools eutils user
-
-DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
-HOMEPAGE="https://suricata-ids.org/"
-SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
- >=dev-libs/jansson-2.2
- dev-libs/libpcre
- dev-libs/libyaml
- net-libs/libnet:*
- net-libs/libnfnetlink
- dev-libs/nspr
- dev-libs/nss
- >=net-libs/libhtp-0.5.20
- net-libs/libpcap
- sys-apps/file
- cuda? ( dev-util/nvidia-cuda-toolkit )
- geoip? ( dev-libs/geoip )
- lua? ( dev-lang/lua:* )
- luajit? ( dev-lang/luajit:* )
- nflog? ( net-libs/libnetfilter_log )
- nfqueue? ( net-libs/libnetfilter_queue )
- redis? ( dev-libs/hiredis )
- logrotate? ( app-admin/logrotate )
- sys-libs/libcap-ng
-"
-# #446814
-# prelude? ( dev-libs/libprelude )
-# pfring? ( sys-process/numactl net-libs/pf_ring)
-RDEPEND="${DEPEND}"
-
-pkg_setup() {
- enewgroup ${PN}
- enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
-}
-
-src_prepare() {
- epatch "${FILESDIR}/${P}_configure-lua-flags.patch"
- epatch "${FILESDIR}/${P}_sockios.patch"
- sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am"
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- "--localstatedir=/var/" \
- "--enable-non-bundled-htp" \
- $(use_enable af-packet) \
- $(use_enable detection) \
- $(use_enable nfqueue) \
- $(use_enable test coccinelle) \
- $(use_enable test unittests) \
- $(use_enable control-socket unix-socket)
- )
-
- if use cuda ; then
- myeconfargs+=( $(use_enable cuda) )
- fi
- if use geoip ; then
- myeconfargs+=( $(use_enable geoip) )
- fi
- if use hardened ; then
- myeconfargs+=( $(use_enable hardened gccprotect) )
- fi
- if use nflog ; then
- myeconfargs+=( $(use_enable nflog) )
- fi
- if use redis ; then
- myeconfargs+=( $(use_enable redis hiredis) )
- fi
- # not supported yet (no pfring in portage)
-# if use pfring ; then
-# myeconfargs+=( $(use_enable pfring) )
-# fi
- # no libprelude in portage
-# if use prelude ; theng
-# myeconfargs+=( $(use_enable prelude) )
-# fi
- if use lua ; then
- myeconfargs+=( $(use_enable lua) )
- fi
- if use luajit ; then
- myeconfargs+=( $(use_enable luajit) )
- fi
- if (use !lua) && (use !luajit) ; then
- myeconfargs+=(
- --disable-lua
- --disable-luajit
- )
- fi
-
-# this should be used when pf_ring use flag support will be added
-# LIBS+="-lrt -lnuma"
-
- # avoid upstream configure script trying to add -march=native to CFLAGS
- myeconfargs+=( --enable-gccmarch-native=no )
-
- if use debug ; then
- myeconfargs+=( $(use_enable debug) )
- # so we can get a backtrace according to "reporting bugs" on upstream web site
- CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
- else
- econf LIBS="${LIBS}" ${myeconfargs[@]}
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- insinto "/etc/${PN}"
- doins {classification,reference,threshold}.config suricata.yaml
-
- if use rules ; then
- insinto "/etc/${PN}/rules"
- doins rules/*.rules
- fi
-
- keepdir "/var/lib/${PN}"
- keepdir "/var/log/${PN}"
-
- fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
- fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
-
- newinitd "${FILESDIR}/${P}-init" ${PN}
- newconfd "${FILESDIR}/${P}-conf" ${PN}
-
- if use logrotate; then
- insopts -m0644
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/${PN}-logrotate ${PN}
- fi
-}
-
-pkg_postinst() {
- elog "The ${PN} init script expects to find the path to the configuration"
- elog "file as well as extra options in /etc/conf.d."
- elog ""
- elog "To create more than one ${PN} service, simply create a new .yaml file for it"
- elog "then create a symlink to the init script from a link called"
- elog "${PN}.foo - like so"
- elog " cd /etc/${PN}"
- elog " ${EDITOR##*/} suricata-foo.yaml"
- elog " cd /etc/init.d"
- elog " ln -s ${PN} ${PN}.foo"
- elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
- elog ""
- elog "You can create as many ${PN}.foo* services as you wish."
-
- if use logrotate; then
- elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
- fi
-
- if use debug; then
- elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
- elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
- elog "You need to also ensure the FEATURES variable in make.conf contains the"
- elog "'nostrip' option to produce useful core dumps or back traces."
- fi
-}
diff --git a/net-analyzer/suricata/suricata-5.0.0.ebuild b/net-analyzer/suricata/suricata-5.0.0.ebuild
index 05f328b973b..9701e036e6a 100644
--- a/net-analyzer/suricata/suricata-5.0.0.ebuild
+++ b/net-analyzer/suricata/suricata-5.0.0.ebuild
@@ -134,8 +134,8 @@ src_install() {
fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
- newinitd "${FILESDIR}/${PN}-4.0.4-init" ${PN}
- newconfd "${FILESDIR}/${PN}-4.0.4-conf" ${PN}
+ newinitd "${FILESDIR}/${PN}-5.0.0-init" ${PN}
+ newconfd "${FILESDIR}/${PN}-5.0.0-conf" ${PN}
systemd_dounit "${FILESDIR}"/${PN}.service
systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2019-12-18 14:22 Marek Szuba
0 siblings, 0 replies; 11+ messages in thread
From: Marek Szuba @ 2019-12-18 14:22 UTC (permalink / raw
To: gentoo-commits
commit: eab781daa429d8d9cb5cd1a1d8baefcae4afbffc
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 18 14:20:18 2019 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Wed Dec 18 14:21:52 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eab781da
net-analyzer/suricata: remove old
Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/Manifest | 1 -
net-analyzer/suricata/files/suricata-5.0.0-conf | 62 -------
net-analyzer/suricata/files/suricata-5.0.0-init | 147 ----------------
.../files/suricata-5.0.0_configure-lua-flags.patch | 16 --
...suricata-5.0.0_configure-no-lz4-automagic.patch | 23 ---
.../files/suricata-5.0.0_default-config.patch | 61 -------
net-analyzer/suricata/metadata.xml | 2 -
net-analyzer/suricata/suricata-5.0.0.ebuild | 185 ---------------------
8 files changed, 497 deletions(-)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index 9247b853f30..ac5ea56c85b 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1,2 +1 @@
-DIST suricata-5.0.0.tar.gz 23689051 BLAKE2B 701625d50dacbeb846d7ea1c3aad3980969c1c0124c007d843353fe25b7e579378d2cd125db4660e33fff1f8cf20eac4bbafe280ba6ff31f988fb6c42b29b6aa SHA512 0dc8941fdf29d615531eeda6f6076052cca79fda6dda3c96300c08b343a64a1700fd23dd83a03507009ab7c9b19c91b65ee65e704f55ddee17764b71e9e2911e
DIST suricata-5.0.1.tar.gz 23721536 BLAKE2B 529837e8e4d6c33d2093df8208bf03519e0d60deef92eadf9d0a44b7416eae2f900b2f72349815acb86d9bdd9d4253bbc5d7c4c1a34157f544982b0788291624 SHA512 db0797a7992abf0ddf170cb603fdac06b0ff92278bb91343860bccbbe029ea0e83131dfb9805ca44bcbbe3925502119259e350a17e94209b21d1f8b610d965a6
diff --git a/net-analyzer/suricata/files/suricata-5.0.0-conf b/net-analyzer/suricata/files/suricata-5.0.0-conf
deleted file mode 100644
index 655b947fdd9..00000000000
--- a/net-analyzer/suricata/files/suricata-5.0.0-conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# Config file for /etc/init.d/suricata*
-
-# Where config files are stored. Default:
-
-# SURICATA_DIR="/etc/suricata"
-
-# Pass options to each suricata service.
-#
-# You can launch more than one service at the same time with different options.
-# This can be useful in a multi-queue gateway, for example.
-# You can expand on the Suricata inline example found at:
-# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
-# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
-# on several queues. You can then have a Suricata instance processing traffic for each queue.
-# This should help improve performance on the gateway/firewall.
-#
-# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
-# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
-# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
-# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
-# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
-#
-# Edit both suricata-q{0,1}.yaml files and set values accordingly.
-# You can override these yaml config file names with SURICATA_CONF* below (optional).
-# This allows you to use the same yaml config file for multiple instances as long as you override
-# sensible options such as the log file paths.
-# SURICATA_CONF_q0="suricata-queues.yaml"
-# SURICATA_CONF_q1="suricata-queues.yaml"
-# SURICATA_CONF="suricata.yaml"
-
-# You can define the options here:
-# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
-
-# SURICATA_OPTS_q0="-q 0"
-# SURICATA_OPTS_q1="-q 1"
-
-# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
-# then you can set:
-
-SURICATA_OPTS="-i eth0"
-
-# Log paths listed here will be created by the init script and will override the log path
-# set in the yaml file, if present.
-# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
-# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
-# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
-
-# Run as user/group.
-# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
-# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
-# SURICATA_USER_q0="suricata"
-# SURICATA_GROUP_q0="suricata"
-# SURICATA_USER_q1="suricata"
-# SURICATA_GROUP_q1="suricata"
-# SURICATA_USER="suricata"
-# SURICATA_GROUP="suricata"
-
-# Suricata processes can take a long time to shut down.
-# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
-# Examples:
-# SURICATA_MAX_WAIT_ON_STOP="300"
-# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
diff --git a/net-analyzer/suricata/files/suricata-5.0.0-init b/net-analyzer/suricata/files/suricata-5.0.0-init
deleted file mode 100644
index 1db8137f31a..00000000000
--- a/net-analyzer/suricata/files/suricata-5.0.0-init
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-SURICATA_BIN=/usr/bin/suricata
-SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
-SURICATA=${SVCNAME#*.}
-SURICATAID=$(shell_var "${SURICATA}")
-if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
- eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
- [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
- SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
- eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
- eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
- eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
- eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
-else
- SURICATACONF=${SURICATA_CONF}
- [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
- SURICATAPID="/var/run/suricata/suricata.pid"
- SURICATAOPTS=${SURICATA_OPTS}
- SURICATALOGPATH=${SURICATA_LOG_FILE}
- SURICATAUSER=${SURICATA_USER}
- SURICATAGROUP=${SURICATA_GROUP}
-fi
-SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
-SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
-[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
-[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
-
-description="Suricata IDS/IPS"
-extra_commands="checkconfig dump"
-description_checkconfig="Check config for ${SVCNAME}"
-description_dump="List all config values that can be used with --set"
-extra_started_commands="reload relog"
-description_reload="Live rule and config reload"
-description_relog="Close and re-open all log files"
-
-depend() {
- need net
- after mysql
- after postgresql
-}
-
-checkconfig() {
- if [ ! -d "/var/run/suricata" ] ; then
- checkpath -d /var/run/suricata
- fi
- if [ ${#SURICATALOGPATH} -gt 0 ]; then
- SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
- SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
- SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
- if [ ! -d "${SURICATALOGPATH}" ] ; then
- checkpath -d "${SURICATALOGPATH}"
- fi
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
- chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
- chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
- fi
- SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
- SURICATALOGPATH="-l ${SURICATALOGPATH}"
- fi
- if [ ! -e ${SURICATACONF} ] ; then
- einfo "The configuration file ${SURICATACONF} was not found."
- einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
- einfo "Take a look at the suricata arguments --set and --dump-config."
- fi
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
- SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
- fi
-}
-
-initpidinfo() {
- [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
- if [ ${#SUR_PID} -gt 0 ]; then
- SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
- SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
- fi
-}
-
-checkpidinfo() {
- initpidinfo
- if [ ! -e ${SURICATAPID} ]; then
- eerror "${SVCNAME} isn't running"
- return 1
- elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
- eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
- return 1
- elif [ ${#SUR_USER} -eq 0 ]; then
- eerror "Unable to determine user running ${SVCNAME}!"
- return 1
- elif [ "x${SUR_USER}" != "xroot" ]; then
- ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
- fi
-}
-
-start() {
- checkconfig || return 1
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
- -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
- local SUR_EXIT=$?
- if [ $((SUR_EXIT)) -ne 0 ]; then
- einfo "Could not start ${SURICATA_BIN} with:"
- einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
- einfo "Exit code ${SUR_EXIT}"
- fi
- eend ${SUR_EXIT}
-}
-
-stop() {
- ebegin "Stopping ${SVCNAME}"
- start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
- eend $?
-}
-
-reload() {
- checkpidinfo || return 1
- checkconfig || return 1
- ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
- else
- start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
- fi
- eend $?
-}
-
-relog() {
- checkpidinfo || return 1
- checkconfig || return 1
- ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
- if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
- start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
- else
- start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
- fi
- eend $?
-}
-
-dump() {
- checkconfig || return 1
- ebegin "Dumping ${SVCNAME} config values and quitting."
- ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
- eend $?
-}
diff --git a/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch b/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch
deleted file mode 100644
index be956fd94d4..00000000000
--- a/net-analyzer/suricata/files/suricata-5.0.0_configure-lua-flags.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -1749,11 +1749,11 @@
- # liblua
- AC_ARG_ENABLE(lua,
- AS_HELP_STRING([--enable-lua],[Enable Lua support]),
-- [ enable_lua="$enableval"],
-+ [],
- [ enable_lua="no"])
- AC_ARG_ENABLE(luajit,
- AS_HELP_STRING([--enable-luajit],[Enable Luajit support]),
-- [ enable_luajit="$enableval"],
-+ [],
- [ enable_luajit="no"])
- if test "$enable_lua" = "yes"; then
- if test "$enable_luajit" = "yes"; then
diff --git a/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch
deleted file mode 100644
index 5efce46f6d9..00000000000
--- a/net-analyzer/suricata/files/suricata-5.0.0_configure-no-lz4-automagic.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -2292,7 +2292,11 @@
- fi
-
- # Check for lz4
--enable_liblz4="yes"
-+AC_ARG_ENABLE(lz4,
-+ AS_HELP_STRING([--enable-lz4], [Enable compressed pcap logging using liblz4]),
-+ [enable_liblz4=$enableval],
-+ [enable_liblz4=yes])
-+if test "x$enable_liblz4" != "xno"; then
- AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no")
-
- if test "$enable_liblz4" = "no"; then
-@@ -2306,6 +2310,7 @@
- echo " yum install lz4-devel"
- echo
- fi
-+fi
-
- # get cache line size
- AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
diff --git a/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch b/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch
deleted file mode 100644
index 07a45c9a574..00000000000
--- a/net-analyzer/suricata/files/suricata-5.0.0_default-config.patch
+++ /dev/null
@@ -1,61 +0,0 @@
---- a/suricata.yaml.in
-+++ b/suricata.yaml.in
-@@ -203,8 +203,9 @@
- # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
-
- # As of Suricata 5.0, version 2 of the eve dns output
-- # format is the default.
-- #version: 2
-+ # format is the default - but the daemon produces a warning to that effect
-+ # at start-up if this isn't explicitly set.
-+ version: 2
-
- # Enable/disable this logger. Default: enabled.
- #enabled: yes
-@@ -978,9 +979,9 @@
- ##
-
- # Run suricata as user and group.
--#run-as:
--# user: suri
--# group: suri
-+run-as:
-+ user: suricata
-+ group: suricata
-
- # Some logging module will use that name in event as identifier. The default
- # value is the hostname
-@@ -1806,16 +1807,28 @@
- hashmode: hash5tuplesorted
-
- ##
--## Configure Suricata to load Suricata-Update managed rules.
--##
--## If this section is completely commented out move down to the "Advanced rule
--## file configuration".
-+## Configure Suricata to load default rules it comes with.
- ##
-
- default-rule-path: @e_defaultruledir@
-
- rule-files:
-- - suricata.rules
-+ - /etc/suricata/rules/app-layer-events.rules
-+ - /etc/suricata/rules/decoder-events.rules
-+ - /etc/suricata/rules/dhcp-events.rules
-+ - /etc/suricata/rules/dnp3-events.rules
-+ - /etc/suricata/rules/dns-events.rules
-+ - /etc/suricata/rules/files.rules
-+ - /etc/suricata/rules/http-events.rules
-+ - /etc/suricata/rules/ipsec-events.rules
-+ - /etc/suricata/rules/kerberos-events.rules
-+ - /etc/suricata/rules/modbus-events.rules
-+ - /etc/suricata/rules/nfs-events.rules
-+ - /etc/suricata/rules/ntp-events.rules
-+ - /etc/suricata/rules/smb-events.rules
-+ - /etc/suricata/rules/smtp-events.rules
-+ - /etc/suricata/rules/stream-events.rules
-+ - /etc/suricata/rules/tls-events.rules
-
- ##
- ## Auxiliary configuration files.
diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml
index cc49d0aa09f..1486882b1dd 100644
--- a/net-analyzer/suricata/metadata.xml
+++ b/net-analyzer/suricata/metadata.xml
@@ -20,7 +20,5 @@
<flag name="nflog">Enable libnetfilter_log support</flag>
<flag name="nfqueue">Enable NFQUEUE support for inline IDP</flag>
<flag name="redis">Enable Redis support</flag>
- <flag name="rules">Install default ruleset</flag>
- <flag name="tools">Install suricatactl, suricatasc and suricata-update</flag>
</use>
</pkgmetadata>
diff --git a/net-analyzer/suricata/suricata-5.0.0.ebuild b/net-analyzer/suricata/suricata-5.0.0.ebuild
deleted file mode 100644
index 9701e036e6a..00000000000
--- a/net-analyzer/suricata/suricata-5.0.0.ebuild
+++ /dev/null
@@ -1,185 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-single-r1 systemd
-
-DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
-HOMEPAGE="https://suricata-ids.org/"
-SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="+af-packet bpf control-socket cuda debug +detection geoip hardened logrotate lua luajit lz4 nflog +nfqueue redis +rules systemd test tools"
-
-RESTRICT="!test? ( test )"
-
-REQUIRED_USE="?? ( lua luajit )
- bpf? ( af-packet )
- tools? ( ${PYTHON_REQUIRED_USE} )"
-
-CDEPEND="acct-group/suricata
- acct-user/suricata
- dev-libs/jansson
- dev-libs/libpcre
- dev-libs/libyaml
- net-libs/libnet:*
- net-libs/libnfnetlink
- dev-libs/nspr
- dev-libs/nss
- >=net-libs/libhtp-0.5.31
- net-libs/libpcap
- sys-apps/file
- sys-libs/libcap-ng
- bpf? ( >=dev-libs/libbpf-0.0.5 )
- cuda? ( dev-util/nvidia-cuda-toolkit )
- geoip? ( dev-libs/libmaxminddb )
- logrotate? ( app-admin/logrotate )
- lua? ( dev-lang/lua:* )
- luajit? ( dev-lang/luajit:* )
- lz4? ( app-arch/lz4 )
- nflog? ( net-libs/libnetfilter_log )
- nfqueue? ( net-libs/libnetfilter_queue )
- redis? ( dev-libs/hiredis )
- tools? ( dev-python/pyyaml[${PYTHON_USEDEP}] )"
-DEPEND="${CDEPEND}
- dev-lang/rust"
-# Not confirmed that it works yet
-# test? ( dev-util/coccinelle )"
-RDEPEND="${CDEPEND}
- tools? ( ${PYTHON_DEPS} )"
-
-PATCHES=(
- "${FILESDIR}/${PN}-5.0.0_configure-lua-flags.patch"
- "${FILESDIR}/${PN}-5.0.0_configure-no-lz4-automagic.patch"
- "${FILESDIR}/${PN}-5.0.0_default-config.patch"
-)
-
-pkg_pretend() {
- if use bpf && use kernel_linux; then
- if kernel_is -lt 4 15; then
- ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map"
- fi
-
- CONFIG_CHECK="~XDP_SOCKETS"
- ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata will to load XDP programs. "
- ERROR_XDP_SOCKETS+="Other eBPF features should work normally."
- check_extra_config
- fi
-}
-
-src_prepare() {
- default
- sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am"
- eautoreconf
-}
-
-src_configure() {
- local myeconfargs=(
- "--localstatedir=/var" \
- "--enable-non-bundled-htp" \
- "--enable-gccmarch-native=no" \
- $(use_enable af-packet) \
- $(use_enable bpf ebpf) \
- $(use_enable control-socket unix-socket) \
- $(use_enable cuda) \
- $(use_enable detection) \
- $(use_enable geoip) \
- $(use_enable hardened gccprotect) \
- $(use_enable hardened pie) \
- $(use_enable lua) \
- $(use_enable luajit) \
- $(use_enable lz4) \
- $(use_enable nflog) \
- $(use_enable nfqueue) \
- $(use_enable redis hiredis) \
- $(use_enable test coccinelle) \
- $(use_enable test unittests) \
- $(use_enable tools python)
- )
-
- if use debug; then
- myeconfargs+=( $(use_enable debug) )
- # so we can get a backtrace according to "reporting bugs" on upstream web site
- CFLAGS="-ggdb -O0" econf ${myeconfargs[@]}
- else
- econf ${myeconfargs[@]}
- fi
-}
-
-src_install() {
- emake DESTDIR="${D}" install
-
- if use bpf; then
- rm -f ebpf/Makefile.{am,in}
- dodoc -r ebpf/
- keepdir /usr/libexec/suricata/ebpf
- fi
-
- insinto "/etc/${PN}"
- doins etc/{classification,reference}.config threshold.config suricata.yaml
-
- if use rules; then
- insinto "/etc/${PN}/rules"
- doins rules/*.rules
- fi
-
- keepdir "/var/lib/${PN}"
- keepdir "/var/log/${PN}"
-
- fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
- fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
-
- newinitd "${FILESDIR}/${PN}-5.0.0-init" ${PN}
- newconfd "${FILESDIR}/${PN}-5.0.0-conf" ${PN}
- systemd_dounit "${FILESDIR}"/${PN}.service
- systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
-
- if use logrotate; then
- insopts -m0644
- insinto /etc/logrotate.d
- newins etc/${PN}.logrotate ${PN}
- fi
-}
-
-pkg_postinst() {
- if ! use systemd; then
- elog "The ${PN} init script expects to find the path to the configuration"
- elog "file as well as extra options in /etc/conf.d."
- elog ""
- elog "To create more than one ${PN} service, simply create a new .yaml file for it"
- elog "then create a symlink to the init script from a link called"
- elog "${PN}.foo - like so"
- elog " cd /etc/${PN}"
- elog " ${EDITOR##*/} suricata-foo.yaml"
- elog " cd /etc/init.d"
- elog " ln -s ${PN} ${PN}.foo"
- elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
- elog ""
- elog "You can create as many ${PN}.foo* services as you wish."
- fi
-
- if use bpf; then
- elog "eBPF/XDP files must be compiled (using sys-devel/clang[llvm_targets_BPF]) before use"
- elog "because their configuration is hard-coded. You can find the default ones in"
- elog " ${EPREFIX}/usr/share/doc/${PF}"
- elog "and the common location for eBPF bytecode is"
- elog " ${EPREFIX}/usr/libexec/${PN}"
- elog "For more information, see https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html"
- fi
-
- if use logrotate; then
- elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
- fi
-
- if use debug; then
- elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
- elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
- elog "You need to also ensure the FEATURES variable in make.conf contains the"
- elog "'nostrip' option to produce useful core dumps or back traces."
- fi
-}
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2021-05-11 22:07 Marek Szuba
0 siblings, 0 replies; 11+ messages in thread
From: Marek Szuba @ 2021-05-11 22:07 UTC (permalink / raw
To: gentoo-commits
commit: b4dd6303339ca68635747819b7fb67fb34390c61
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Tue May 11 22:00:57 2021 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Tue May 11 22:07:18 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4dd6303
net-analyzer/suricata: leave sphinx-build and pdflatex alone
Upstream build scripts look for the two and if they are present, attempt
to generate documentation. Automagic aside, this presently only works
with Sphinx versions older than 4.0.0 - and in any case release tarballs
include both PDF guides and man pages.
Closes: https://bugs.gentoo.org/789528
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
....6_configure-no-sphinx-pdflatex-automagic.patch | 26 ++++++++++++++++++++++
net-analyzer/suricata/suricata-5.0.6.ebuild | 1 +
net-analyzer/suricata/suricata-6.0.2.ebuild | 1 +
3 files changed, 28 insertions(+)
diff --git a/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch
new file mode 100644
index 00000000000..be5805e67f8
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-5.0.6_configure-no-sphinx-pdflatex-automagic.patch
@@ -0,0 +1,26 @@
+No configure options to disable looking for these, redundant for releases
+because the tarballs already contain both PDF documentation and man pages,
+and as of 2021-05-11 doc generation is not compatible with sphinx-4.0.0+
+due to conf.py calling long-deprecated app.add_stylesheet() rather
+than app.add_css_file().
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -2423,7 +2423,7 @@
+ fi
+
+ # sphinx for documentation
+- AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no")
++ HAVE_SPHINXBUILD="no"
+ if test "$HAVE_SPHINXBUILD" = "no"; then
+ enable_sphinxbuild=no
+ if test -e "$srcdir/doc/userguide/suricata.1"; then
+@@ -2434,7 +2434,7 @@
+ AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"])
+
+ # pdflatex for the pdf version of the user manual
+- AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no")
++ HAVE_PDFLATEX="no"
+ if test "$HAVE_PDFLATEX" = "no"; then
+ enable_pdflatex=no
+ fi
diff --git a/net-analyzer/suricata/suricata-5.0.6.ebuild b/net-analyzer/suricata/suricata-5.0.6.ebuild
index 46d1458df40..defd0c6f7f8 100644
--- a/net-analyzer/suricata/suricata-5.0.6.ebuild
+++ b/net-analyzer/suricata/suricata-5.0.6.ebuild
@@ -56,6 +56,7 @@ DEPEND="${RDEPEND}
PATCHES=(
"${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
"${FILESDIR}/${PN}-5.0.1_default-config.patch"
+ "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch"
)
pkg_pretend() {
diff --git a/net-analyzer/suricata/suricata-6.0.2.ebuild b/net-analyzer/suricata/suricata-6.0.2.ebuild
index 7171dc94415..061242b9a52 100644
--- a/net-analyzer/suricata/suricata-6.0.2.ebuild
+++ b/net-analyzer/suricata/suricata-6.0.2.ebuild
@@ -55,6 +55,7 @@ DEPEND="${RDEPEND}
PATCHES=(
"${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
+ "${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch"
"${FILESDIR}/${PN}-6.0.0_default-config.patch"
)
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2021-09-03 12:29 Marek Szuba
0 siblings, 0 replies; 11+ messages in thread
From: Marek Szuba @ 2021-09-03 12:29 UTC (permalink / raw
To: gentoo-commits
commit: 006177dd01fe7fa3b6dbe378189b0cba1e9e69ee
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 3 12:28:57 2021 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Fri Sep 3 12:28:57 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=006177dd
net-analyzer/suricata: get rid of dev-libs/hyperscan automagic
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
...ta-5.0.7_configure-no-hyperscan-automagic.patch | 24 ++++++++++++++++++++++
net-analyzer/suricata/suricata-5.0.7-r1.ebuild | 3 ++-
net-analyzer/suricata/suricata-6.0.3-r1.ebuild | 3 ++-
3 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata-5.0.7_configure-no-hyperscan-automagic.patch b/net-analyzer/suricata/files/suricata-5.0.7_configure-no-hyperscan-automagic.patch
new file mode 100644
index 00000000000..69a857408ee
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-5.0.7_configure-no-hyperscan-automagic.patch
@@ -0,0 +1,24 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -729,8 +729,11 @@
+ fi
+
+ # libhs
+- enable_hyperscan="no"
+-
++ AC_ARG_ENABLE(hyperscan,
++ AS_HELP_STRING([--enable-hyperscan], [Enable high-performance regex matching with hyperscan]),
++ [enable_hyperscan=$enableval],
++ [enable_hyperscan=no])
++ if test "x$enable_hyperscan" != "xno"; then
+ # Try pkg-config first:
+ PKG_CHECK_MODULES([libhs], libhs,, [with_pkgconfig_libhs=no])
+ if test "$with_pkgconfig_libhs" != "no"; then
+@@ -765,6 +768,7 @@
+ enable_hyperscan="no"
+ fi
+ fi
++ fi
+ AS_IF([test "x$enable_hyperscan" = "xyes"], [AC_DEFINE([BUILD_HYPERSCAN], [1], [Intel Hyperscan support enabled])])
+
+ # libyaml
diff --git a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild
index 8d11af4dcc5..58594b6169a 100644
--- a/net-analyzer/suricata/suricata-5.0.7-r1.ebuild
+++ b/net-analyzer/suricata/suricata-5.0.7-r1.ebuild
@@ -53,11 +53,11 @@ DEPEND="${RDEPEND}
>=sys-devel/autoconf-2.69-r5
virtual/rust"
-# TODO: get rid of hyperscan automagic as well
PATCHES=(
"${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
"${FILESDIR}/${PN}-5.0.1_default-config.patch"
"${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch"
+ "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
)
pkg_pretend() {
@@ -94,6 +94,7 @@ src_configure() {
$(use_enable geoip) \
$(use_enable hardened gccprotect) \
$(use_enable hardened pie) \
+ $(use_enable hyperscan) \
$(use_enable lz4) \
$(use_enable nflog) \
$(use_enable nfqueue) \
diff --git a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild
index 64dd427cc0d..29b2cdff3c0 100644
--- a/net-analyzer/suricata/suricata-6.0.3-r1.ebuild
+++ b/net-analyzer/suricata/suricata-6.0.3-r1.ebuild
@@ -53,10 +53,10 @@ DEPEND="${RDEPEND}
>=sys-devel/autoconf-2.69-r5
virtual/rust"
-# TODO: get rid of hyperscan automagic as well
PATCHES=(
"${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
"${FILESDIR}/${PN}-5.0.6_configure-no-sphinx-pdflatex-automagic.patch"
+ "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
"${FILESDIR}/${PN}-6.0.0_default-config.patch"
)
@@ -94,6 +94,7 @@ src_configure() {
$(use_enable geoip) \
$(use_enable hardened gccprotect) \
$(use_enable hardened pie) \
+ $(use_enable hyperscan) \
$(use_enable lz4) \
$(use_enable nflog) \
$(use_enable nfqueue) \
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2022-08-24 15:36 Marek Szuba
0 siblings, 0 replies; 11+ messages in thread
From: Marek Szuba @ 2022-08-24 15:36 UTC (permalink / raw
To: gentoo-commits
commit: cfb2e41c5dff7fa16debdb27c58fcdfb66f3c5b8
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 24 15:34:28 2022 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Wed Aug 24 15:36:18 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cfb2e41c
net-analyzer/suricata: remove bashisms from the init script
Closes: https://bugs.gentoo.org/840945
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/files/suricata.confd | 62 +++++++++
net-analyzer/suricata/files/suricata.initd | 147 +++++++++++++++++++++
...icata-6.0.6.ebuild => suricata-6.0.6-r1.ebuild} | 4 +-
3 files changed, 211 insertions(+), 2 deletions(-)
diff --git a/net-analyzer/suricata/files/suricata.confd b/net-analyzer/suricata/files/suricata.confd
new file mode 100644
index 000000000000..7f22113dbf0d
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata.confd
@@ -0,0 +1,62 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+#
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
+# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic for each queue.
+# This should help improve performance on the gateway/firewall.
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+# You can override these yaml config file names with SURICATA_CONF* below (optional).
+# This allows you to use the same yaml config file for multiple instances as long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
+
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
+# then you can set:
+
+SURICATA_OPTS="--af-packet"
+
+# Log paths listed here will be created by the init script and will override the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
+# Examples:
+# SURICATA_MAX_WAIT_ON_STOP="300"
+# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
diff --git a/net-analyzer/suricata/files/suricata.initd b/net-analyzer/suricata/files/suricata.initd
new file mode 100644
index 000000000000..154636ef828e
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata.initd
@@ -0,0 +1,147 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+SURICATA_BIN=/usr/bin/suricata
+SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
+SURICATA=${SVCNAME#*.}
+SURICATAID=$(shell_var "${SURICATA}")
+if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
+ eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+ SURICATAPID="/run/suricata/suricata.${SURICATA}.pid"
+ eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
+ eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
+ eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
+ eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
+else
+ SURICATACONF=${SURICATA_CONF}
+ [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+ SURICATAPID="/run/suricata/suricata.pid"
+ SURICATAOPTS=${SURICATA_OPTS}
+ SURICATALOGPATH=${SURICATA_LOG_FILE}
+ SURICATAUSER=${SURICATA_USER}
+ SURICATAGROUP=${SURICATA_GROUP}
+fi
+SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
+SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
+[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
+[ -z "${SURICATA_MAX_WAIT_ON_STOP}" ] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
+
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
+extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
+
+depend() {
+ need net
+ after mysql
+ after postgresql
+}
+
+checkconfig() {
+ if [ ! -d "/run/suricata" ] ; then
+ checkpath -d /run/suricata
+ fi
+ if [ ${#SURICATALOGPATH} -gt 0 ]; then
+ SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
+ SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+ SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
+ if [ ! -d "${SURICATALOGPATH}" ] ; then
+ checkpath -d "${SURICATALOGPATH}"
+ fi
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
+ chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
+ chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
+ fi
+ SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
+ SURICATALOGPATH="-l ${SURICATALOGPATH}"
+ fi
+ if [ ! -e ${SURICATACONF} ] ; then
+ einfo "The configuration file ${SURICATACONF} was not found."
+ einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
+ einfo "Take a look at the suricata arguments --set and --dump-config."
+ fi
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
+ SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
+ fi
+}
+
+initpidinfo() {
+ [ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+ if [ ${#SUR_PID} -gt 0 ]; then
+ SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+ SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
+ fi
+}
+
+checkpidinfo() {
+ initpidinfo
+ if [ ! -e ${SURICATAPID} ]; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
+ eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
+ return 1
+ elif [ ${#SUR_USER} -eq 0 ]; then
+ eerror "Unable to determine user running ${SVCNAME}!"
+ return 1
+ elif [ "x${SUR_USER}" != "xroot" ]; then
+ ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
+ -- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
+ local SUR_EXIT=$?
+ if [ $((SUR_EXIT)) -ne 0 ]; then
+ einfo "Could not start ${SURICATA_BIN} with:"
+ einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
+ einfo "Exit code ${SUR_EXIT}"
+ fi
+ eend ${SUR_EXIT}
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+ eend $?
+}
+
+reload() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
+ else
+ start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
+ fi
+ eend $?
+}
+
+relog() {
+ checkpidinfo || return 1
+ checkconfig || return 1
+ ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
+ if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+ start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
+ else
+ start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+ fi
+ eend $?
+}
+
+dump() {
+ checkconfig || return 1
+ ebegin "Dumping ${SVCNAME} config values and quitting."
+ ${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+ eend $?
+}
diff --git a/net-analyzer/suricata/suricata-6.0.6.ebuild b/net-analyzer/suricata/suricata-6.0.6-r1.ebuild
similarity index 98%
rename from net-analyzer/suricata/suricata-6.0.6.ebuild
rename to net-analyzer/suricata/suricata-6.0.6-r1.ebuild
index 054eb7c52431..aa3162a55d94 100644
--- a/net-analyzer/suricata/suricata-6.0.6.ebuild
+++ b/net-analyzer/suricata/suricata-6.0.6-r1.ebuild
@@ -145,8 +145,8 @@ src_install() {
fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
fperms 2750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
- newinitd "${FILESDIR}/${PN}-5.0.1-init" ${PN}
- newconfd "${FILESDIR}/${PN}-5.0.1-conf" ${PN}
+ newinitd "${FILESDIR}/${PN}.initd" ${PN}
+ newconfd "${FILESDIR}/${PN}.confd" ${PN}
systemd_dounit "${FILESDIR}"/${PN}.service
newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2023-10-25 22:04 Marek Szuba
0 siblings, 0 replies; 11+ messages in thread
From: Marek Szuba @ 2023-10-25 22:04 UTC (permalink / raw
To: gentoo-commits
commit: f9c0cfde624dc27b32b3681e678fdf8f19af04aa
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 25 21:56:36 2023 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Wed Oct 25 22:04:28 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9c0cfde
net-analyzer/suricata: add 7.0.2
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/Manifest | 2 +
....2_configure-no-sphinx-pdflatex-automagic.patch | 20 ++
net-analyzer/suricata/suricata-7.0.2.ebuild | 221 +++++++++++++++++++++
3 files changed, 243 insertions(+)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index 1fff5793c937..60f9530b2507 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -2,3 +2,5 @@ DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B 47dcc47253c462510494dac35a4aa41a110
DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B 880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476 SHA512 3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65
DIST suricata-7.0.0.tar.gz 23426302 BLAKE2B dc5026ee32dd679c18d8953048f7694c6ef69e9b60d91153e1fad5f0d757ccfcb0423ed6f3e21a27f02f6647476923d5c90e1ba83656249509414316f06cd18b SHA512 b512a8d9e7ce26b362be4e4b1e27b97c0fd6dad109e440d6227916a373e85341336782c0870a2b380fa215f4d2e8d86728f105a6af75d8662d746cee1752347d
DIST suricata-7.0.0.tar.gz.sig 566 BLAKE2B 11033671642c953282fbb0dda0647d12ee143b16e1ee6202f0cc9bcee94eb123139e075ea860002851c2d37f3c9c7e90b72ef22c6cd0ea82dbf63d2bad852068 SHA512 216463c103c5f5fed3cb83190e78939b1efb6fcfe3f6bb8a023ff8a8df85fd7ad024fcc1d9720f196c6dbe3a3c80285a3689bf6e575ff51253a1e5df1a142fcb
+DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B 5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725 SHA512 bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95
+DIST suricata-7.0.2.tar.gz.sig 566 BLAKE2B 8a931361acfa5e945fe9a3a03b38c65ff7f59da88a9af9c3f5a4b15ec880de6f22038a45d27c480c75489df0a90373f3cee44c48a266226fae89c00ed78b6e5f SHA512 0a46c8fef1d68f76c08c314613e558027dc7700a72628b5708dbc36c5c1943d816120c569692103d75d284cd7027cdda0d4ef9ab436992d7d2ec101e18aa5056
diff --git a/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch b/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch
new file mode 100644
index 000000000000..07fddac0a6d2
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch
@@ -0,0 +1,20 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -2231,7 +2231,7 @@
+ fi
+
+ # sphinx-build for documentation, and also check for a new enough version
+- AC_PATH_PROG([SPHINX_BUILD], [sphinx-build], [no])
++ SPHINX_BUILD="no"
+ if test "$SPHINX_BUILD" != "no"; then
+ MIN_SPHINX_BUILD_VERSION="3.4.3"
+ sphinx_build_version=$($SPHINX_BUILD --version 2>&1 | cut -d' ' -f2-)
+@@ -2257,7 +2257,7 @@
+ AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"])
+
+ # pdflatex for the pdf version of the user manual
+- AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no")
++ HAVE_PDFLATEX="no"
+ if test "$HAVE_PDFLATEX" = "no"; then
+ enable_pdflatex=no
+ fi
diff --git a/net-analyzer/suricata/suricata-7.0.2.ebuild b/net-analyzer/suricata/suricata-7.0.2.ebuild
new file mode 100644
index 000000000000..a5ec879adeaf
--- /dev/null
+++ b/net-analyzer/suricata/suricata-7.0.2.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-1 luajit )
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd tmpfiles verify-sig
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="https://suricata.io/"
+SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz
+ verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )"
+
+LICENSE="GPL-2"
+SLOT="0/7"
+KEYWORDS="~amd64 ~riscv ~x86"
+IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue redis systemd test"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ af-xdp? ( bpf )
+ bpf? ( af-packet )
+ lua? ( ${LUA_REQUIRED_USE} )"
+
+RDEPEND="${PYTHON_DEPS}
+ acct-group/suricata
+ acct-user/suricata
+ dev-libs/jansson:=
+ dev-libs/libpcre2
+ dev-libs/libyaml
+ net-libs/libnet:*
+ net-libs/libnfnetlink
+ dev-libs/nspr
+ dev-libs/nss
+ $(python_gen_cond_dep '
+ dev-python/pyyaml[${PYTHON_USEDEP}]
+ ')
+ >=net-libs/libhtp-0.5.45
+ net-libs/libpcap
+ sys-apps/file
+ sys-libs/libcap-ng
+ af-xdp? ( net-libs/xdp-tools )
+ bpf? ( dev-libs/libbpf )
+ cuda? ( dev-util/nvidia-cuda-toolkit )
+ geoip? ( dev-libs/libmaxminddb:= )
+ hyperscan? ( dev-libs/hyperscan )
+ lua? ( ${LUA_DEPS} )
+ lz4? ( app-arch/lz4 )
+ nflog? ( net-libs/libnetfilter_log )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ redis? ( dev-libs/hiredis:= )"
+DEPEND="${RDEPEND}
+ >=sys-devel/autoconf-2.69-r5
+ virtual/rust"
+BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-oisf-20200807 )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
+ "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
+ "${FILESDIR}/${PN}-6.0.0_default-config.patch"
+ "${FILESDIR}/${PN}-7.0.2_configure-no-sphinx-pdflatex-automagic.patch"
+)
+
+pkg_pretend() {
+ if use af-xdp && use kernel_linux; then
+ if kernel_is -lt 4 18; then
+ ewarn "Kernel 4.18 or newer is required for AF_XDP"
+ fi
+ fi
+
+ if use bpf && use kernel_linux; then
+ if kernel_is -lt 4 15; then
+ ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map"
+ fi
+
+ CONFIG_CHECK="~XDP_SOCKETS"
+ ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. "
+ ERROR_XDP_SOCKETS+="Other eBPF features should work normally."
+ check_extra_config
+ fi
+}
+
+src_prepare() {
+ default
+ sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die
+ eautoreconf
+}
+
+src_configure() {
+ # Bug #861242
+ filter-lto
+
+ local myeconfargs=(
+ "--localstatedir=/var" \
+ "--runstatedir=/run" \
+ "--enable-non-bundled-htp" \
+ "--enable-gccmarch-native=no" \
+ "--enable-python" \
+ $(use_enable af-packet) \
+ $(use_enable af-xdp) \
+ $(use_enable bpf ebpf) \
+ $(use_enable control-socket unix-socket) \
+ $(use_enable cuda) \
+ $(use_enable detection) \
+ $(use_enable geoip) \
+ $(use_enable hardened gccprotect) \
+ $(use_enable hardened pie) \
+ $(use_enable hyperscan) \
+ $(use_enable lz4) \
+ $(use_enable nflog) \
+ $(use_enable nfqueue) \
+ $(use_enable redis hiredis) \
+ $(use_enable test unittests) \
+ "--disable-coccinelle"
+ )
+ if use lua; then
+ if use lua_single_target_luajit; then
+ myeconfargs+=( --enable-luajit )
+ else
+ myeconfargs+=( --enable-lua )
+ fi
+ fi
+
+ if use debug; then
+ myeconfargs+=( $(use_enable debug) )
+ # so we can get a backtrace according to "reporting bugs" on upstream web site
+ QA_FLAGS_IGNORED="usr/bin/${PN}"
+ CFLAGS="-ggdb -O0" econf ${myeconfargs[@]}
+ else
+ econf ${myeconfargs[@]}
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ python_optimize
+ # Bug #878855
+ python_fix_shebang "${ED}"/usr/bin/
+
+ if use bpf; then
+ rm -f ebpf/Makefile.{am,in} || die
+ dodoc -r ebpf/
+ keepdir /usr/libexec/suricata/ebpf
+ fi
+
+ insinto "/etc/${PN}"
+ doins etc/{classification,reference}.config threshold.config suricata.yaml
+
+ keepdir "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
+ keepdir "/var/log/${PN}"
+
+ fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
+
+ newinitd "${FILESDIR}/${PN}.initd" ${PN}
+ newconfd "${FILESDIR}/${PN}.confd" ${PN}
+ systemd_dounit "${FILESDIR}"/${PN}.service
+ newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
+
+ insopts -m0644
+ insinto /etc/logrotate.d
+ newins etc/${PN}.logrotate ${PN}
+}
+
+pkg_postinst() {
+ tmpfiles_process ${PN}.conf
+
+ elog
+ if use systemd; then
+ elog "Suricata requires either the mode of operation (e.g. --af-packet) or the interface to listen on (e.g. -i eth0)"
+ elog "to be specified on the command line. The provided systemd unit launches Suricata in af-packet mode and relies"
+ elog "on file configuration to specify interfaces, should you prefer to run it differently you will have to customise"
+ elog "said unit. The simplest way of doing it is to override the Environment=OPTIONS='...' line using a .conf file"
+ elog "placed in the directory ${EPREFIX}/etc/systemd/system/suricata.service.d/ ."
+ elog "For details, see the section on drop-in directories in systemd.unit(5)."
+ else
+ elog "The ${PN} init script expects to find the path to the configuration"
+ elog "file as well as extra options in /etc/conf.d."
+ elog
+ elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+ elog "then create a symlink to the init script from a link called"
+ elog "${PN}.foo - like so"
+ elog " cd /etc/${PN}"
+ elog " ${EDITOR##*/} suricata-foo.yaml"
+ elog " cd /etc/init.d"
+ elog " ln -s ${PN} ${PN}.foo"
+ elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+ elog
+ elog "You can create as many ${PN}.foo* services as you wish."
+ fi
+
+ if use bpf; then
+ elog
+ elog "eBPF/XDP files must be compiled (using sys-devel/clang[llvm_targets_BPF]) before use"
+ elog "because their configuration is hard-coded. You can find the default ones in"
+ elog " ${EPREFIX}/usr/share/doc/${PF}/ebpf"
+ elog "and the common location for eBPF bytecode is"
+ elog " ${EPREFIX}/usr/libexec/${PN}"
+ elog "For more information, see https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html"
+ fi
+
+ if use debug; then
+ elog
+ elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:"
+ elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+ elog "You need to also ensure the FEATURES variable in make.conf contains the"
+ elog "'nostrip' option to produce useful core dumps or back traces."
+ fi
+
+ elog
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ elog "To download and install an initial set of rules, run:"
+ elog " suricata-update"
+ fi
+ elog
+}
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/
@ 2024-04-24 12:39 Marek Szuba
0 siblings, 0 replies; 11+ messages in thread
From: Marek Szuba @ 2024-04-24 12:39 UTC (permalink / raw
To: gentoo-commits
commit: 2befe2774f886be18f6897f2b4ff63094fdd9126
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 24 12:37:24 2024 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Wed Apr 24 12:38:20 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2befe277
net-analyzer/suricata: add 7.0.5, drop 7.0.4
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/Manifest | 4 +--
.../suricata-7.0.3_fix-build-with-gcc14.patch | 39 ----------------------
.../suricata-7.0.5_configure-fortify_source.patch | 18 ++++++++++
...suricata-7.0.4.ebuild => suricata-7.0.5.ebuild} | 4 +--
4 files changed, 22 insertions(+), 43 deletions(-)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index f41fad6e6ffa..fdaacd396d1e 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -1,2 +1,2 @@
-DIST suricata-7.0.4.tar.gz 23610769 BLAKE2B 6c85ee7134548261a5a766ee3e7c0ce095ef478e9323342f17bb48eb0abc74035a66212c7f7e6ba45bd2efd552d82ad6d218d4b09279877f60526f8f79de9764 SHA512 098364a5f0b2c14bf3a0c8895ec9c94a23edd990468f618fa35181c54405be6db012a6e97981e0024140864342764df97101be73308c835d6fabf6cd98a7ffc3
-DIST suricata-7.0.4.tar.gz.sig 566 BLAKE2B 56a8d3ba556a233b0f27a992c20e2654a44f5205bfd731662e96f1a6cf5e925d00014f2d379458c917527415c5c3020f897528fb35e6681bcbddde670567e6f0 SHA512 f2694f9a6cc4d644bb629ae49deef22517a970a78fa500384b51b3ed9119fdfa4ff4a4524de55d3b02bf16dc36c52419bc0424f65dd02b0b56349c5d2fc00a52
+DIST suricata-7.0.5.tar.gz 23612189 BLAKE2B 9a44e4561edcc8909853b88779aa520a79b684ca9114479a95b2b34f8e34b6a0f5887d4b332dddb9da225335d7642089345e7f245a1ebce68f42f38126eb4b58 SHA512 4eae28a78e1e9595c7f37215e9cccdf417235eadf3c8a9dc4cb531d7dc3fb353c903154ee745df7a44620d299998b84f15d6db95e5f0562744ff7cbaac398d34
+DIST suricata-7.0.5.tar.gz.sig 566 BLAKE2B f1e4885f92d13e3168ae44b2fd2b134e1eee9a71f4d92ee8e60df65af3558f4dfa64919955dc60d597d0ef6c6a92b505ab5974fc2f07cd8dc8b4d889eaa4b4c2 SHA512 5f6c2904441c0cb414990a89a2c5a640da9ef25b572512cb2dbb607c7e469186982299acc98414067f8119c8e7c2d433f1b8cf38d1a3c95235a493311230bfc7
diff --git a/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch b/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch
deleted file mode 100644
index 7ebacf76852c..000000000000
--- a/net-analyzer/suricata/files/suricata-7.0.3_fix-build-with-gcc14.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Bug: From b5280929c58559c178415ce199157b5c87171258 Mon Sep 17 00:00:00 2001
-From: Brahmajit Das <brahmajit.xyz@gmail.com>
-Date: Tue, 20 Feb 2024 12:05:57 +0530
-Subject: [PATCH 1/1] Fix passing incompatible pointer type with GCC 14
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-GCC 14 (and newer compilers like Clang 16) enables
--Wincompatible-pointer-types by default, along with some other flags.
-Thus resulting in build errors such as
-
-util-host-info.c: In function ‘SCKernelVersionIsAtLeast’:
-util-host-info.c:94:31: error: passing argument 1 of ‘pcre2_substring_list_free_8’ from incompatible pointer type [-Wincompatible-pointer-types]
- 94 | pcre2_substring_list_free((PCRE2_SPTR *)list);
- | ^~~~~~~~~~~~~~~~~~
- | |
- | const PCRE2_UCHAR8 ** {aka const unsigned char **}
-
-Removing the casting make suricata build with GCC 14.
-
-First discovered on Gentoo Linux with GCC 14
-
-Bug: https://bugs.gentoo.org/925011
-Signed-off-by: Brahmajit Das <brahmajit.xyz@gmail.com>
---- a/src/util-host-info.c
-+++ b/src/util-host-info.c
-@@ -91,7 +91,7 @@ int SCKernelVersionIsAtLeast(int major, int minor)
- err = true;
- }
-
-- pcre2_substring_list_free((PCRE2_SPTR *)list);
-+ pcre2_substring_list_free(list);
- pcre2_match_data_free(version_regex_match);
- pcre2_code_free(version_regex);
-
---
-2.43.2
-
diff --git a/net-analyzer/suricata/files/suricata-7.0.5_configure-fortify_source.patch b/net-analyzer/suricata/files/suricata-7.0.5_configure-fortify_source.patch
new file mode 100644
index 000000000000..302f9bb382f3
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-7.0.5_configure-fortify_source.patch
@@ -0,0 +1,18 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -339,15 +339,6 @@
+ [AC_MSG_RESULT(no)])
+ CFLAGS="${TMPCFLAGS}"
+
+- #compile-time best-practices errors for certain libc functions, provides checks of buffer lengths and memory regions
+- AC_MSG_CHECKING(for -D_FORTIFY_SOURCE=2)
+- TMPCFLAGS="${CFLAGS}"
+- CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
+- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -D_FORTIFY_SOURCE=2"
+- AC_MSG_RESULT(yes)],
+- [AC_MSG_RESULT(no)])
+- CFLAGS="${TMPCFLAGS}"
+-
+ #compile-time warnings about misuse of format strings
+ AC_MSG_CHECKING(for -Wformat -Wformat-security)
+ TMPCFLAGS="${CFLAGS}"
diff --git a/net-analyzer/suricata/suricata-7.0.4.ebuild b/net-analyzer/suricata/suricata-7.0.5.ebuild
similarity index 98%
rename from net-analyzer/suricata/suricata-7.0.4.ebuild
rename to net-analyzer/suricata/suricata-7.0.5.ebuild
index 60817c7c0306..d6d60eada0b0 100644
--- a/net-analyzer/suricata/suricata-7.0.4.ebuild
+++ b/net-analyzer/suricata/suricata-7.0.5.ebuild
@@ -39,7 +39,7 @@ RDEPEND="${PYTHON_DEPS}
$(python_gen_cond_dep '
dev-python/pyyaml[${PYTHON_USEDEP}]
')
- >=net-libs/libhtp-0.5.47
+ >=net-libs/libhtp-0.5.48
net-libs/libpcap
sys-apps/file
sys-libs/libcap-ng
@@ -63,7 +63,7 @@ PATCHES=(
"${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
"${FILESDIR}/${PN}-6.0.0_default-config.patch"
"${FILESDIR}/${PN}-7.0.2_configure-no-sphinx-pdflatex-automagic.patch"
- "${FILESDIR}/${PN}-7.0.3_fix-build-with-gcc14.patch"
+ "${FILESDIR}/${PN}-7.0.5_configure-fortify_source.patch"
)
pkg_pretend() {
^ permalink raw reply related [flat|nested] 11+ messages in thread
end of thread, other threads:[~2024-04-24 12:39 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-12-18 14:22 [gentoo-commits] repo/gentoo:master commit in: net-analyzer/suricata/files/, net-analyzer/suricata/ Marek Szuba
-- strict thread matches above, loose matches on Subject: below --
2024-04-24 12:39 Marek Szuba
2023-10-25 22:04 Marek Szuba
2022-08-24 15:36 Marek Szuba
2021-09-03 12:29 Marek Szuba
2021-05-11 22:07 Marek Szuba
2019-12-16 18:14 Marek Szuba
2019-09-08 19:25 Slawek Lis
2017-02-17 5:40 Slawek Lis
2016-12-22 11:32 Slawek Lis
2016-12-15 6:17 Slawek Lis
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox