commit: f9c0cfde624dc27b32b3681e678fdf8f19af04aa
Author: Marek Szuba <marecki <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 25 21:56:36 2023 +0000
Commit: Marek Szuba <marecki <AT> gentoo <DOT> org>
CommitDate: Wed Oct 25 22:04:28 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9c0cfde
net-analyzer/suricata: add 7.0.2
Signed-off-by: Marek Szuba <marecki <AT> gentoo.org>
net-analyzer/suricata/Manifest | 2 +
....2_configure-no-sphinx-pdflatex-automagic.patch | 20 ++
net-analyzer/suricata/suricata-7.0.2.ebuild | 221 +++++++++++++++++++++
3 files changed, 243 insertions(+)
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
index 1fff5793c937..60f9530b2507 100644
--- a/net-analyzer/suricata/Manifest
+++ b/net-analyzer/suricata/Manifest
@@ -2,3 +2,5 @@ DIST suricata-6.0.13.tar.gz 27411308 BLAKE2B
47dcc47253c462510494dac35a4aa41a110
DIST suricata-6.0.13.tar.gz.sig 566 BLAKE2B
880dccc4db0f322bd11f123fb2ad012a2904e4bee5ed0c2f161e0baee7054acde2234a9da94184ba67a5bb7adab1da10ca00c7850ae1a046dea07b91297b8476
SHA512
3578087d3ee4bcc8e0f6bd704e42d553b4baf208fc04002f4931bf8d23babe7727a25720c52143a3c423f1cc1f5513105e177fd4368b40927d6fe7234db9de65
DIST suricata-7.0.0.tar.gz 23426302 BLAKE2B
dc5026ee32dd679c18d8953048f7694c6ef69e9b60d91153e1fad5f0d757ccfcb0423ed6f3e21a27f02f6647476923d5c90e1ba83656249509414316f06cd18b
SHA512
b512a8d9e7ce26b362be4e4b1e27b97c0fd6dad109e440d6227916a373e85341336782c0870a2b380fa215f4d2e8d86728f105a6af75d8662d746cee1752347d
DIST suricata-7.0.0.tar.gz.sig 566 BLAKE2B
11033671642c953282fbb0dda0647d12ee143b16e1ee6202f0cc9bcee94eb123139e075ea860002851c2d37f3c9c7e90b72ef22c6cd0ea82dbf63d2bad852068
SHA512
216463c103c5f5fed3cb83190e78939b1efb6fcfe3f6bb8a023ff8a8df85fd7ad024fcc1d9720f196c6dbe3a3c80285a3689bf6e575ff51253a1e5df1a142fcb
+DIST suricata-7.0.2.tar.gz 23445403 BLAKE2B
5af50f6f0d91ba233b1cc373c073e72824f10d6df20c27041d5fd11d25c7be6b1941beccf0fb18612d6277eaa7bb1d47d8fedbd34f580ba87d352c45d4d51725
SHA512
bca6eb64495d36fcc83522e29a8ec24653752930d001191fca1d72de5513537fdb8c1805fc45afe55b5fb3a68cf3747af609eec46070505dcd5d9e53c0ed9b95
+DIST suricata-7.0.2.tar.gz.sig 566 BLAKE2B
8a931361acfa5e945fe9a3a03b38c65ff7f59da88a9af9c3f5a4b15ec880de6f22038a45d27c480c75489df0a90373f3cee44c48a266226fae89c00ed78b6e5f
SHA512
0a46c8fef1d68f76c08c314613e558027dc7700a72628b5708dbc36c5c1943d816120c569692103d75d284cd7027cdda0d4ef9ab436992d7d2ec101e18aa5056
diff --git
a/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch
b/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch
new file mode 100644
index 000000000000..07fddac0a6d2
--- /dev/null
+++
b/net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch
@@ -0,0 +1,20 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -2231,7 +2231,7 @@
+ fi
+
+ # sphinx-build for documentation, and also check for a new enough version
+- AC_PATH_PROG([SPHINX_BUILD], [sphinx-build], [no])
++ SPHINX_BUILD="no"
+ if test "$SPHINX_BUILD" != "no"; then
+ MIN_SPHINX_BUILD_VERSION="3.4.3"
+ sphinx_build_version=$($SPHINX_BUILD --version 2>&1 | cut -d' ' -f2-)
+@@ -2257,7 +2257,7 @@
+ AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"])
+
+ # pdflatex for the pdf version of the user manual
+- AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no")
++ HAVE_PDFLATEX="no"
+ if test "$HAVE_PDFLATEX" = "no"; then
+ enable_pdflatex=no
+ fi
diff --git a/net-analyzer/suricata/suricata-7.0.2.ebuild
b/net-analyzer/suricata/suricata-7.0.2.ebuild
new file mode 100644
index 000000000000..a5ec879adeaf
--- /dev/null
+++ b/net-analyzer/suricata/suricata-7.0.2.ebuild
@@ -0,0 +1,221 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-1 luajit )
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit autotools flag-o-matic linux-info lua-single python-single-r1 systemd
tmpfiles verify-sig
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring
engine"
+HOMEPAGE="https://suricata.io/";
+SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz
+ verify-sig? (
https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )"
+
+LICENSE="GPL-2"
+SLOT="0/7"
+KEYWORDS="~amd64 ~riscv ~x86"
+IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip
hardened hyperscan lua lz4 nflog +nfqueue redis systemd test"
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/openinfosecfoundation.org.asc"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+ af-xdp? ( bpf )
+ bpf? ( af-packet )
+ lua? ( ${LUA_REQUIRED_USE} )"
+
+RDEPEND="${PYTHON_DEPS}
+ acct-group/suricata
+ acct-user/suricata
+ dev-libs/jansson:=
+ dev-libs/libpcre2
+ dev-libs/libyaml
+ net-libs/libnet:*
+ net-libs/libnfnetlink
+ dev-libs/nspr
+ dev-libs/nss
+ $(python_gen_cond_dep '
+ dev-python/pyyaml[${PYTHON_USEDEP}]
+ ')
+ >=net-libs/libhtp-0.5.45
+ net-libs/libpcap
+ sys-apps/file
+ sys-libs/libcap-ng
+ af-xdp? ( net-libs/xdp-tools )
+ bpf? ( dev-libs/libbpf )
+ cuda? ( dev-util/nvidia-cuda-toolkit )
+ geoip? ( dev-libs/libmaxminddb:= )
+ hyperscan? ( dev-libs/hyperscan )
+ lua? ( ${LUA_DEPS} )
+ lz4? ( app-arch/lz4 )
+ nflog? ( net-libs/libnetfilter_log )
+ nfqueue? ( net-libs/libnetfilter_queue )
+ redis? ( dev-libs/hiredis:= )"
+DEPEND="${RDEPEND}
+ >=sys-devel/autoconf-2.69-r5
+ virtual/rust"
+BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-oisf-20200807 )"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
+ "${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
+ "${FILESDIR}/${PN}-6.0.0_default-config.patch"
+ "${FILESDIR}/${PN}-7.0.2_configure-no-sphinx-pdflatex-automagic.patch"
+)
+
+pkg_pretend() {
+ if use af-xdp && use kernel_linux; then
+ if kernel_is -lt 4 18; then
+ ewarn "Kernel 4.18 or newer is required for AF_XDP"
+ fi
+ fi
+
+ if use bpf && use kernel_linux; then
+ if kernel_is -lt 4 15; then
+ ewarn "Kernel 4.15 or newer is necessary to use all XDP
features like the CPU redirect map"
+ fi
+
+ CONFIG_CHECK="~XDP_SOCKETS"
+ ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it
impossible for Suricata to load XDP programs. "
+ ERROR_XDP_SOCKETS+="Other eBPF features should work normally."
+ check_extra_config
+ fi
+}
+
+src_prepare() {
+ default
+ sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//'
"${S}/doc/Makefile.am" || die
+ eautoreconf
+}
+
+src_configure() {
+ # Bug #861242
+ filter-lto
+
+ local myeconfargs=(
+ "--localstatedir=/var" \
+ "--runstatedir=/run" \
+ "--enable-non-bundled-htp" \
+ "--enable-gccmarch-native=no" \
+ "--enable-python" \
+ $(use_enable af-packet) \
+ $(use_enable af-xdp) \
+ $(use_enable bpf ebpf) \
+ $(use_enable control-socket unix-socket) \
+ $(use_enable cuda) \
+ $(use_enable detection) \
+ $(use_enable geoip) \
+ $(use_enable hardened gccprotect) \
+ $(use_enable hardened pie) \
+ $(use_enable hyperscan) \
+ $(use_enable lz4) \
+ $(use_enable nflog) \
+ $(use_enable nfqueue) \
+ $(use_enable redis hiredis) \
+ $(use_enable test unittests) \
+ "--disable-coccinelle"
+ )
+ if use lua; then
+ if use lua_single_target_luajit; then
+ myeconfargs+=( --enable-luajit )
+ else
+ myeconfargs+=( --enable-lua )
+ fi
+ fi
+
+ if use debug; then
+ myeconfargs+=( $(use_enable debug) )
+ # so we can get a backtrace according to "reporting bugs" on
upstream web site
+ QA_FLAGS_IGNORED="usr/bin/${PN}"
+ CFLAGS="-ggdb -O0" econf ${myeconfargs[@]}
+ else
+ econf ${myeconfargs[@]}
+ fi
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ python_optimize
+ # Bug #878855
+ python_fix_shebang "${ED}"/usr/bin/
+
+ if use bpf; then
+ rm -f ebpf/Makefile.{am,in} || die
+ dodoc -r ebpf/
+ keepdir /usr/libexec/suricata/ebpf
+ fi
+
+ insinto "/etc/${PN}"
+ doins etc/{classification,reference}.config threshold.config
suricata.yaml
+
+ keepdir "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
+ keepdir "/var/log/${PN}"
+
+ fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+ fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
+
+ newinitd "${FILESDIR}/${PN}.initd" ${PN}
+ newconfd "${FILESDIR}/${PN}.confd" ${PN}
+ systemd_dounit "${FILESDIR}"/${PN}.service
+ newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
+
+ insopts -m0644
+ insinto /etc/logrotate.d
+ newins etc/${PN}.logrotate ${PN}
+}
+
+pkg_postinst() {
+ tmpfiles_process ${PN}.conf
+
+ elog
+ if use systemd; then
+ elog "Suricata requires either the mode of operation (e.g.
--af-packet) or the interface to listen on (e.g. -i eth0)"
+ elog "to be specified on the command line. The provided systemd
unit launches Suricata in af-packet mode and relies"
+ elog "on file configuration to specify interfaces, should you
prefer to run it differently you will have to customise"
+ elog "said unit. The simplest way of doing it is to override
the Environment=OPTIONS='...' line using a .conf file"
+ elog "placed in the directory
${EPREFIX}/etc/systemd/system/suricata.service.d/ ."
+ elog "For details, see the section on drop-in directories in
systemd.unit(5)."
+ else
+ elog "The ${PN} init script expects to find the path to the
configuration"
+ elog "file as well as extra options in /etc/conf.d."
+ elog
+ elog "To create more than one ${PN} service, simply create a
new .yaml file for it"
+ elog "then create a symlink to the init script from a link
called"
+ elog "${PN}.foo - like so"
+ elog " cd /etc/${PN}"
+ elog " ${EDITOR##*/} suricata-foo.yaml"
+ elog " cd /etc/init.d"
+ elog " ln -s ${PN} ${PN}.foo"
+ elog "Then edit /etc/conf.d/${PN} and make sure you specify
sensible options for foo."
+ elog
+ elog "You can create as many ${PN}.foo* services as you wish."
+ fi
+
+ if use bpf; then
+ elog
+ elog "eBPF/XDP files must be compiled (using
sys-devel/clang[llvm_targets_BPF]) before use"
+ elog "because their configuration is hard-coded. You can find
the default ones in"
+ elog " ${EPREFIX}/usr/share/doc/${PF}/ebpf"
+ elog "and the common location for eBPF bytecode is"
+ elog " ${EPREFIX}/usr/libexec/${PN}"
+ elog "For more information, see
https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html";
+ fi
+
+ if use debug; then
+ elog
+ elog "You have enabled the debug USE flag. Please read this
link to report bugs upstream:"
+ elog
"https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs";
+ elog "You need to also ensure the FEATURES variable in
make.conf contains the"
+ elog "'nostrip' option to produce useful core dumps or back
traces."
+ fi
+
+ elog
+ if [[ -z "${REPLACING_VERSIONS}" ]]; then
+ elog "To download and install an initial set of rules, run:"
+ elog " suricata-update"
+ fi
+ elog
+}
