Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Sergei Trofimovich <slyfox@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/snort/files/, net-analyzer/snort/
Date: Wed, 12 Oct 2016 21:17:44
Message-Id: 1476307038.5183ad7acf9d419dcd6b80e572d1e96d80a1f9cf.slyfox@gentoo
1 commit: 5183ad7acf9d419dcd6b80e572d1e96d80a1f9cf
2 Author: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
3 AuthorDate: Wed Oct 12 21:17:08 2016 +0000
4 Commit: Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
5 CommitDate: Wed Oct 12 21:17:18 2016 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5183ad7a
7
8 net-analyzer/snort: fix USE="-*" build failures, bug #595512
9
10 Minimum buildable configurations is:
11 USE="-* targetbased normalizer mpls"
12
13 Surrounding code assumes availability enums and defines
14 guarded by these flags. Enable them unconditionally.
15
16 Bug: https://bugs.gentoo.org/595512
17
18 Package-Manager: portage-2.3.2
19
20 .../snort/files/snort-2.9.8.3-no-implicit.patch | 8 +
21 net-analyzer/snort/snort-2.9.8.3-r1.ebuild | 255 +++++++++++++++++++++
22 2 files changed, 263 insertions(+)
23
24 diff --git a/net-analyzer/snort/files/snort-2.9.8.3-no-implicit.patch b/net-analyzer/snort/files/snort-2.9.8.3-no-implicit.patch
25 new file mode 100644
26 index 00000000..7faf9a4
27 --- /dev/null
28 +++ b/net-analyzer/snort/files/snort-2.9.8.3-no-implicit.patch
29 @@ -0,0 +1,8 @@
30 +diff --git a/src/preprocessors/perf_indicators.c b/src/preprocessors/perf_indicators.c
31 +index d859fe7..c183552 100755
32 +--- a/src/preprocessors/perf_indicators.c
33 ++++ b/src/preprocessors/perf_indicators.c
34 +@@ -25,2 +25,3 @@
35 + #include "perf_indicators.h"
36 ++#include "cpuclock.h" /* get_ticks_per_usec */
37 +
38
39 diff --git a/net-analyzer/snort/snort-2.9.8.3-r1.ebuild b/net-analyzer/snort/snort-2.9.8.3-r1.ebuild
40 new file mode 100644
41 index 00000000..d0be6ef
42 --- /dev/null
43 +++ b/net-analyzer/snort/snort-2.9.8.3-r1.ebuild
44 @@ -0,0 +1,255 @@
45 +# Copyright 1999-2016 Gentoo Foundation
46 +# Distributed under the terms of the GNU General Public License v2
47 +# $Id$
48 +
49 +EAPI=6
50 +inherit autotools multilib user
51 +
52 +DESCRIPTION="The de facto standard for intrusion detection/prevention"
53 +HOMEPAGE="http://www.snort.org/"
54 +SRC_URI="https://www.snort.org/downloads/${PN}/${P}.tar.gz"
55 +LICENSE="GPL-2"
56 +SLOT="0"
57 +KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"
58 +IUSE="static +gre +ppm +perfprofiling
59 ++non-ether-decoders control-socket file-inspect high-availability
60 +shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen
61 ++threads debug +active-response reload-error-restart
62 ++react +flexresp3 large-pcap-64bit selinux"
63 +
64 +DEPEND=">=net-libs/libpcap-1.3.0
65 + >=net-libs/daq-2.0.2
66 + >=dev-libs/libpcre-8.33
67 + dev-libs/libdnet
68 + sys-libs/zlib"
69 +
70 +RDEPEND="${DEPEND}
71 + selinux? ( sec-policy/selinux-snort )"
72 +
73 +REQUIRED_USE="!kernel_linux? ( !shared-rep )"
74 +
75 +PATCHES=(
76 + "${FILESDIR}"/${P}-no-implicit.patch
77 +)
78 +
79 +pkg_setup() {
80 +
81 + # pre_inst() is a better place to put this
82 + # but we need it here for the 'fowners' statements in src_install()
83 + enewgroup snort
84 + enewuser snort -1 -1 /dev/null snort
85 +
86 +}
87 +
88 +src_prepare() {
89 + default
90 +
91 + # Multilib fix for the sf_engine
92 + ebegin "Applying multilib fix"
93 + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
94 + "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
95 + || die "sed for sf_engine failed"
96 +
97 + # Multilib fix for the curent set of dynamic-preprocessors
98 + for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do
99 + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
100 + "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
101 + || die "sed for $i failed."
102 + done
103 + eend
104 +
105 + AT_M4DIR=m4 eautoreconf
106 +}
107 +
108 +src_configure() {
109 +
110 + econf \
111 + $(use_enable !static shared) \
112 + $(use_enable static) \
113 + $(use_enable static so-with-static-lib) \
114 + $(use_enable gre) \
115 + $(use_enable control-socket) \
116 + $(use_enable file-inspect) \
117 + $(use_enable high-availability ha) \
118 + $(use_enable non-ether-decoders) \
119 + $(use_enable shared-rep) \
120 + $(use_enable side-channel) \
121 + $(use_enable sourcefire) \
122 + $(use_enable ppm) \
123 + $(use_enable perfprofiling) \
124 + $(use_enable linux-smp-stats) \
125 + $(use_enable inline-init-failopen) \
126 + $(use_enable threads pthread) \
127 + $(use_enable debug) \
128 + $(use_enable debug debug-msgs) \
129 + $(use_enable debug corefiles) \
130 + $(use_enable !debug dlclose) \
131 + $(use_enable active-response) \
132 + $(use_enable reload-error-restart) \
133 + $(use_enable react) \
134 + $(use_enable flexresp3) \
135 + $(use_enable large-pcap-64bit large-pcap) \
136 + --enable-mpls \
137 + --enable-normalizer \
138 + --enable-reload \
139 + --enable-targetbased \
140 + --disable-build-dynamic-examples \
141 + --disable-profile \
142 + --disable-ppm-test \
143 + --disable-intel-soft-cpm \
144 + --disable-static-daq
145 +}
146 +
147 +src_install() {
148 +
149 + emake DESTDIR="${D}" install
150 +
151 + dodir /var/log/snort \
152 + /var/run/snort \
153 + /etc/snort/rules \
154 + /etc/snort/so_rules \
155 + /usr/$(get_libdir)/snort_dynamicrules
156 +
157 + # config.log and build.log are needed by Sourcefire
158 + # to trouble shoot build problems and bug reports so we are
159 + # perserving them incase the user needs upstream support.
160 + dodoc RELEASE.NOTES ChangeLog \
161 + doc/* \
162 + tools/u2boat/README.u2boat
163 +
164 + insinto /etc/snort
165 + doins etc/attribute_table.dtd \
166 + etc/classification.config \
167 + etc/gen-msg.map \
168 + etc/reference.config \
169 + etc/threshold.conf \
170 + etc/unicode.map
171 +
172 + # We use snort.conf.distrib because the config file is complicated
173 + # and the one shipped with snort can change drastically between versions.
174 + # Users should migrate setting by hand and not with etc-update.
175 + newins etc/snort.conf snort.conf.distrib
176 +
177 + # config.log and build.log are needed by Sourcefire
178 + # to troubleshoot build problems and bug reports so we are
179 + # preserving them incase the user needs upstream support.
180 + if [ -f "${WORKDIR}/${PF}/config.log" ]; then
181 + dodoc "${WORKDIR}/${PF}/config.log"
182 + fi
183 + if [ -f "${T}/build.log" ]; then
184 + dodoc "${T}/build.log"
185 + fi
186 +
187 + insinto /etc/snort/preproc_rules
188 + doins preproc_rules/decoder.rules \
189 + preproc_rules/preprocessor.rules \
190 + preproc_rules/sensitive-data.rules
191 +
192 + fowners -R snort:snort \
193 + /var/log/snort \
194 + /var/run/snort \
195 + /etc/snort
196 +
197 + newinitd "${FILESDIR}/snort.rc12" snort
198 + newconfd "${FILESDIR}/snort.confd.2" snort
199 +
200 + # Sourcefire uses Makefiles to install docs causing Bug #297190.
201 + # This removes the unwanted doc directory and rogue Makefiles.
202 + rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"
203 + rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
204 +
205 + # Remove unneeded .la files (Bug #382863)
206 + rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
207 + rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
208 +
209 + # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
210 + sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
211 + "${D}etc/snort/snort.conf.distrib" || die
212 +
213 + # Set the correct rule location in the config
214 + sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
215 + "${D}etc/snort/snort.conf.distrib" || die
216 +
217 + # Set the correct preprocessor/decoder rule location in the config
218 + sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
219 + "${D}etc/snort/snort.conf.distrib" || die
220 +
221 + # Enable the preprocessor/decoder rules
222 + sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
223 + "${D}etc/snort/snort.conf.distrib" || die
224 +
225 + sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
226 + "${D}etc/snort/snort.conf.distrib" || die
227 +
228 + # Just some clean up of trailing /'s in the config
229 + sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
230 + "${D}etc/snort/snort.conf.distrib" || die
231 +
232 + # Make it clear in the config where these are...
233 + sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
234 + "${D}etc/snort/snort.conf.distrib" || die
235 +
236 + sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
237 + "${D}etc/snort/snort.conf.distrib" || die
238 +
239 + # Disable all rule files by default.
240 + sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
241 + "${D}etc/snort/snort.conf.distrib" || die
242 +
243 + # Disable normalizer preprocessor config if normalizer USE flag not set.
244 + if ! use normalizer; then
245 + sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \
246 + "${D}etc/snort/snort.conf.distrib" || die
247 + fi
248 +
249 + # Set the configured DAQ to afpacket
250 + sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \
251 + "${D}etc/snort/snort.conf.distrib" || die
252 +
253 + # Set the location of the DAQ modules
254 + sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \
255 + "${D}etc/snort/snort.conf.distrib" || die
256 +
257 + # Set the DAQ mode to passive
258 + sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \
259 + "${D}etc/snort/snort.conf.distrib" || die
260 +
261 + # Set snort to run as snort:snort
262 + sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
263 + "${D}etc/snort/snort.conf.distrib" || die
264 + sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
265 + "${D}etc/snort/snort.conf.distrib" || die
266 +
267 + # Set the default log dir
268 + sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
269 + "${D}etc/snort/snort.conf.distrib" || die
270 +
271 + # Set the correct so_rule location in the config
272 + sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
273 + "${D}etc/snort/snort.conf.distrib" || die
274 +}
275 +
276 +pkg_postinst() {
277 +
278 + einfo "There have been a number of improvements and new features"
279 + einfo "added to ${P}. Please review the RELEASE.NOTES and"
280 + einfo "ChangLog located in /usr/share/doc/${PF}."
281 + einfo
282 + elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
283 + elog "users migrate their snort.conf customizations to the latest config"
284 + elog "file released by the VRT. You can find the latest version of the"
285 + elog "Snort config file in /etc/snort/snort.conf.distrib."
286 + elog
287 + elog "!! It is important that you migrate to this new snort.conf file !!"
288 + elog
289 + elog "This version of the ebuild includes an updated init.d file and"
290 + elog "conf.d file that rely on options found in the latest Snort"
291 + elog "config file provided by the VRT."
292 +
293 + if use debug; then
294 + elog "You have the 'debug' USE flag enabled. If this has been done to"
295 + elog "troubleshoot an issue by producing a core dump or a back trace,"
296 + elog "then you need to also ensure the FEATURES variable in make.conf"
297 + elog "contains the 'nostrip' option."
298 + fi
299 +}
Report Message
Find on MARC Find on Google Groups