Gentoo Archives: gentoo-commits

From: Jeroen Roovers <jer@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/snort/
Date: Thu, 09 Jan 2020 14:08:22
Message-Id: 1578578893.af4e0472267d3b89555155ea22f28ddc18d17ae8.jer@gentoo
1 commit: af4e0472267d3b89555155ea22f28ddc18d17ae8
2 Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
3 AuthorDate: Thu Jan 9 14:07:43 2020 +0000
4 Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
5 CommitDate: Thu Jan 9 14:08:13 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af4e0472
7
8 net-analyzer/snort: Version 2.9.15.1
9
10 Package-Manager: Portage-2.3.84, Repoman-2.3.20
11 Closes: https://bugs.gentoo.org/691886
12 Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
13
14 net-analyzer/snort/Manifest | 1 +
15 net-analyzer/snort/snort-2.9.15.1.ebuild | 258 +++++++++++++++++++++++++++++++
16 2 files changed, 259 insertions(+)
17
18 diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest
19 index 0e5321e5027..5265d060602 100644
20 --- a/net-analyzer/snort/Manifest
21 +++ b/net-analyzer/snort/Manifest
22 @@ -1,3 +1,4 @@
23 DIST snort-2.9.12.tar.gz 6456877 BLAKE2B af5584fe01caf9af2f2188e1362bd927a884354ddcb3026af514dddc1264b557691e1644d3c24e85c3b5b5f515dd9fccdd8d38ebc7c28d2f384fb822e27d8bb8 SHA512 6f759b321ca5496abf27c9e4f4fa003cd5167f8c8a160bf5f0b1aee1a93aa8d27de89b84bdf993a0bfb3a93c6315cb2bdbdc3fdb3b09b8d4d1d3c22b69c6783f
24 +DIST snort-2.9.15.1.tar.gz 6618999 BLAKE2B d9f661b036afa2130d406f8bcfa8d33fca482983e0e4785218e08899104c9069809b089631940109ee31e8d197783d994c58417d94f4b5282702e51466f828fa SHA512 9940f5bcdcf04823f9cb5c3f8efda72f98f6a47bce9f40399dec9ec41d23a386c7f7e44861d82368de31546123b920f9fc617197bbf9c5e750724bf8b9e19590
25 DIST snort-2.9.15.tar.gz 6704763 BLAKE2B adef13e3368dbbb9e023d79ec4f75c9652af8d26642b83f1f413e39faf966281b09713854e3a8aa385647b375102a667b10ee96d6f1cebb2f92c9fc7f29a2eb5 SHA512 21830dc4c9ce7b5bc96defa800f78de6ad24c1ab96dbeab0d79a7bf4298a81d6bdb4be8fd3bbec3b28b33aa7bb27cdc48a2a00b33c494f68d1649bc609928eea
26 DIST snort-2.9.8.3.tar.gz 6244304 BLAKE2B cb77c80dde0b5b32ba0fe36cd07e1f6f465127e4be207ba6cd3b7c7dff75f4537c86c6a88d744a924b99d0b4ac864add2c9111c63e51dc4c7dc23f8d19a6c792 SHA512 2f3dfe46e14a5106a02ca60b2d334549f4924ff916de0804b2b7792cdd31e104fbb454b4b932855b5f25a861698db0f8988844782b12b0e5fa132d88d4a7a687
27
28 diff --git a/net-analyzer/snort/snort-2.9.15.1.ebuild b/net-analyzer/snort/snort-2.9.15.1.ebuild
29 new file mode 100644
30 index 00000000000..03b19a93531
31 --- /dev/null
32 +++ b/net-analyzer/snort/snort-2.9.15.1.ebuild
33 @@ -0,0 +1,258 @@
34 +# Copyright 1999-2020 Gentoo Authors
35 +# Distributed under the terms of the GNU General Public License v2
36 +
37 +EAPI=7
38 +inherit autotools user systemd tmpfiles multilib
39 +
40 +DESCRIPTION="The de facto standard for intrusion detection/prevention"
41 +HOMEPAGE="https://www.snort.org"
42 +SRC_URI="https://www.snort.org/downloads/archive/${PN}/${P}.tar.gz"
43 +LICENSE="GPL-2"
44 +SLOT="0"
45 +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"
46 +IUSE="static +gre +ppm +perfprofiling
47 ++non-ether-decoders control-socket file-inspect high-availability
48 +shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen
49 ++threads debug +active-response reload-error-restart open-appid
50 ++react +flexresp3 large-pcap-64bit selinux +libtirpc"
51 +
52 +DEPEND=">=net-libs/libpcap-1.3.0
53 + >=net-libs/daq-2.0.2
54 + >=dev-libs/libpcre-8.33
55 + dev-libs/libdnet
56 + net-libs/libnsl:0=
57 + sys-libs/zlib
58 + !libtirpc? ( sys-libs/glibc[rpc(-)] )
59 + libtirpc? ( net-libs/libtirpc )
60 + open-appid? ( dev-lang/luajit:= )
61 +"
62 +
63 +RDEPEND="${DEPEND}
64 + selinux? ( sec-policy/selinux-snort )"
65 +
66 +REQUIRED_USE="!kernel_linux? ( !shared-rep )"
67 +
68 +PATCHES=(
69 + "${FILESDIR}"/${PN}-2.9.8.3-no-implicit.patch
70 + "${FILESDIR}"/${PN}-2.9.8.3-rpc.patch
71 + "${FILESDIR}"/${PN}-2.9.12-snort.pc.patch
72 +)
73 +
74 +pkg_setup() {
75 + # pre_inst() is a better place to put this
76 + # but we need it here for the 'fowners' statements in src_install()
77 + enewgroup snort
78 + enewuser snort -1 -1 /dev/null snort
79 +
80 +}
81 +
82 +src_prepare() {
83 + default
84 +
85 + # Multilib fix for the sf_engine
86 + ebegin "Applying multilib fix"
87 + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
88 + "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
89 + || die "sed for sf_engine failed"
90 +
91 + # Multilib fix for the curent set of dynamic-preprocessors
92 + for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do
93 + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
94 + "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
95 + || die "sed for $i failed."
96 + done
97 + eend
98 +
99 + mv configure.{in,ac} || die
100 +
101 + AT_M4DIR=m4 eautoreconf
102 +}
103 +
104 +src_configure() {
105 + econf \
106 + $(use_enable !static shared) \
107 + $(use_enable static) \
108 + $(use_enable static so-with-static-lib) \
109 + $(use_enable gre) \
110 + $(use_enable control-socket) \
111 + $(use_enable file-inspect) \
112 + $(use_enable high-availability ha) \
113 + $(use_enable non-ether-decoders) \
114 + $(use_enable shared-rep) \
115 + $(use_enable side-channel) \
116 + $(use_enable sourcefire) \
117 + $(use_enable ppm) \
118 + $(use_enable perfprofiling) \
119 + $(use_enable linux-smp-stats) \
120 + $(use_enable inline-init-failopen) \
121 + $(use_enable open-appid) \
122 + $(use_enable threads pthread) \
123 + $(use_enable debug) \
124 + $(use_enable debug debug-msgs) \
125 + $(use_enable debug corefiles) \
126 + $(use_enable !debug dlclose) \
127 + $(use_enable active-response) \
128 + $(use_enable reload-error-restart) \
129 + $(use_enable react) \
130 + $(use_enable flexresp3) \
131 + $(use_enable large-pcap-64bit large-pcap) \
132 + $(use_with libtirpc) \
133 + --enable-mpls \
134 + --enable-normalizer \
135 + --enable-reload \
136 + --enable-targetbased \
137 + --disable-build-dynamic-examples \
138 + --disable-profile \
139 + --disable-ppm-test \
140 + --disable-intel-soft-cpm \
141 + --disable-static-daq
142 +}
143 +
144 +src_install() {
145 + default
146 +
147 + keepdir /var/log/snort \
148 + /etc/snort/rules \
149 + /etc/snort/so_rules \
150 + /usr/$(get_libdir)/snort_dynamicrules
151 +
152 + # config.log and build.log are needed by Sourcefire
153 + # to trouble shoot build problems and bug reports so we are
154 + # perserving them incase the user needs upstream support.
155 + dodoc RELEASE.NOTES ChangeLog \
156 + doc/* \
157 + tools/u2boat/README.u2boat
158 +
159 + insinto /etc/snort
160 + doins etc/attribute_table.dtd \
161 + etc/classification.config \
162 + etc/gen-msg.map \
163 + etc/reference.config \
164 + etc/threshold.conf \
165 + etc/unicode.map
166 +
167 + # We use snort.conf.distrib because the config file is complicated
168 + # and the one shipped with snort can change drastically between versions.
169 + # Users should migrate setting by hand and not with etc-update.
170 + newins etc/snort.conf snort.conf.distrib
171 +
172 + # config.log and build.log are needed by Sourcefire
173 + # to troubleshoot build problems and bug reports so we are
174 + # preserving them incase the user needs upstream support.
175 + if [ -f "${WORKDIR}/${PF}/config.log" ]; then
176 + dodoc "${WORKDIR}/${PF}/config.log"
177 + fi
178 + if [ -f "${T}/build.log" ]; then
179 + dodoc "${T}/build.log"
180 + fi
181 +
182 + insinto /etc/snort/preproc_rules
183 + doins preproc_rules/decoder.rules \
184 + preproc_rules/preprocessor.rules \
185 + preproc_rules/sensitive-data.rules
186 +
187 + fowners -R snort:snort \
188 + /var/log/snort \
189 + /etc/snort
190 +
191 + newinitd "${FILESDIR}/snort.rc12" snort
192 + newconfd "${FILESDIR}/snort.confd.2" snort
193 + systemd_newunit "${FILESDIR}/snort_at.service" "snort@.service"
194 +
195 + newtmpfiles "${FILESDIR}"/snort.tmpfiles snort.conf
196 +
197 + # Sourcefire uses Makefiles to install docs causing Bug #297190.
198 + # This removes the unwanted doc directory and rogue Makefiles.
199 + rm -rf "${ED%/}"/usr/share/doc/snort || die "Failed to remove SF doc directories"
200 + rm "${ED%/}"/usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
201 +
202 + # Remove unneeded .la files (Bug #382863)
203 + rm "${ED%/}"/usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
204 + rm "${ED%/}"/usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
205 +
206 + # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
207 + sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
208 + "${ED%/}/etc/snort/snort.conf.distrib" || die
209 +
210 + # Set the correct rule location in the config
211 + sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
212 + "${ED%/}/etc/snort/snort.conf.distrib" || die
213 +
214 + # Set the correct preprocessor/decoder rule location in the config
215 + sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
216 + "${ED%/}/etc/snort/snort.conf.distrib" || die
217 +
218 + # Enable the preprocessor/decoder rules
219 + sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
220 + "${ED%/}/etc/snort/snort.conf.distrib" || die
221 +
222 + sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
223 + "${ED%/}/etc/snort/snort.conf.distrib" || die
224 +
225 + # Just some clean up of trailing /'s in the config
226 + sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
227 + "${ED%/}/etc/snort/snort.conf.distrib" || die
228 +
229 + # Make it clear in the config where these are...
230 + sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
231 + "${ED%/}/etc/snort/snort.conf.distrib" || die
232 +
233 + sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
234 + "${ED%/}/etc/snort/snort.conf.distrib" || die
235 +
236 + # Disable all rule files by default.
237 + sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
238 + "${ED%}/etc/snort/snort.conf.distrib" || die
239 +
240 + # Set the configured DAQ to afpacket
241 + sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \
242 + "${ED%}/etc/snort/snort.conf.distrib" || die
243 +
244 + # Set the location of the DAQ modules
245 + sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \
246 + "${ED%}/etc/snort/snort.conf.distrib" || die
247 +
248 + # Set the DAQ mode to passive
249 + sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \
250 + "${ED%}/etc/snort/snort.conf.distrib" || die
251 +
252 + # Set snort to run as snort:snort
253 + sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
254 + "${ED%/}/etc/snort/snort.conf.distrib" || die
255 + sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
256 + "${ED%/}/etc/snort/snort.conf.distrib" || die
257 +
258 + # Set the default log dir
259 + sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
260 + "${ED%/}/etc/snort/snort.conf.distrib" || die
261 +
262 + # Set the correct so_rule location in the config
263 + sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
264 + "${ED%/}/etc/snort/snort.conf.distrib" || die
265 +}
266 +
267 +pkg_postinst() {
268 + tmpfiles_process snort.conf
269 +
270 + einfo "There have been a number of improvements and new features"
271 + einfo "added to ${P}. Please review the RELEASE.NOTES and"
272 + einfo "ChangLog located in /usr/share/doc/${PF}."
273 + einfo
274 + elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
275 + elog "users migrate their snort.conf customizations to the latest config"
276 + elog "file released by the VRT. You can find the latest version of the"
277 + elog "Snort config file in /etc/snort/snort.conf.distrib."
278 + elog
279 + elog "!! It is important that you migrate to this new snort.conf file !!"
280 + elog
281 + elog "This version of the ebuild includes an updated init.d file and"
282 + elog "conf.d file that rely on options found in the latest Snort"
283 + elog "config file provided by the VRT."
284 +
285 + if use debug; then
286 + elog "You have the 'debug' USE flag enabled. If this has been done to"
287 + elog "troubleshoot an issue by producing a core dump or a back trace,"
288 + elog "then you need to also ensure the FEATURES variable in make.conf"
289 + elog "contains the 'nostrip' option."
290 + fi
291 +}
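Review bot: `fowners -R snort:snort /var/log/snort /etc/snort` in src_install() hands the whole configuration tree to the account Snort drops to, so anything running as `snort` can rewrite snort.conf.distrib, the rule files and the `dynamicengine`/`dynamicpreprocessor` paths that are read at the next start. Because the same function enables `config set_uid: snort`, the daemon presumably starts with more privilege and parses that configuration before dropping it, which would make a snort-writable /etc/snort a way back from the unprivileged account to the starting user. I would restrict the recursive chown to the log directory, `fowners -R snort:snort /var/log/snort`, and keep /etc/snort owned by root with group read for snort, e.g. `fowners -R root:snort /etc/snort` with matching `fperms`. Separately, the four sed calls for the rule includes and the DAQ settings use `"${ED%}/etc/snort/snort.conf.distrib"` where every other call uses `${ED%/}`; the empty pattern strips nothing, so these should read `${ED%/}` for consistency.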