[gentoo-commits] repo/gentoo:master commit in: net-analyzer/snort/files/, net-analyzer/snort/ - gentoo-commits

From:	"Andreas Hüttel" <dilfridge@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-analyzer/snort/files/, net-analyzer/snort/
Date:	Mon, 25 Sep 2017 20:47:53
Message-Id:	`1506372448.63c56087785f0a65d287ed9faa67ecfc80e85ce3.dilfridge@gentoo`

1

commit:     63c56087785f0a65d287ed9faa67ecfc80e85ce3

2

Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>

3

AuthorDate: Mon Sep 25 20:43:06 2017 +0000

4

Commit:     Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>

5

CommitDate: Mon Sep 25 20:47:28 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63c56087

7

8

net-analyzer/snort: Allow building against libtirpc for rpc support, bug 631314

9

10

Closes: https://bugs.gentoo.org/631314

11

Package-Manager: Portage-2.3.10, Repoman-2.3.3

12

13

 net-analyzer/snort/files/snort-2.9.8.3-rpc.patch |  26 +++

14

 net-analyzer/snort/metadata.xml                  |   3 +

15

 net-analyzer/snort/snort-2.9.8.3-r2.ebuild       | 254 +++++++++++++++++++++++

16

 3 files changed, 283 insertions(+)

17

18

diff --git a/net-analyzer/snort/files/snort-2.9.8.3-rpc.patch b/net-analyzer/snort/files/snort-2.9.8.3-rpc.patch

19

new file mode 100644

20

index 00000000000..51ee56d8410

21

--- /dev/null

22

+++ b/net-analyzer/snort/files/snort-2.9.8.3-rpc.patch

23

@@ -0,0 +1,26 @@

24

+diff -ruN snort-2.9.8.3.orig/configure.in snort-2.9.8.3/configure.in

25

+--- snort-2.9.8.3.orig/configure.in	2016-04-26 10:08:28.000000000 -0000

26

++++ snort-2.9.8.3/configure.in	2017-09-25 20:21:17.632003858 -0000

27

+@@ -187,6 +187,22 @@

28

+ AC_CHECK_LIB(nsl, inet_ntoa)

29

+ fi

30

+

31

++AC_ARG_WITH([libtirpc],

32

++           AS_HELP_STRING([--with-libtirpc], [Use libtirpc as RPC implementation (instead of sunrpc)]),

33

++           [], [ with_libtirpc=no ])

34

++

35

++AS_IF([test "x$with_libtirpc" != xno], 

36

++      [PKG_CHECK_MODULES([TIRPC], 

37

++                         [libtirpc], 

38

++                         [extra_incl="$extra_incl $TIRPC_CFLAGS"; LIBS="$LIBS $TIRPC_LIBS";],

39

++                        [AC_MSG_ERROR([libtirpc requested, but library not found.])]

40

++                       )], 

41

++      [AC_CHECK_HEADER(rpc/rpc.h, 

42

++                      [],

43

++                      [AC_MSG_ERROR([sunrpc requested, but headers are not present.])]

44

++                     )]

45

++)

46

++

47

+ if test -z "$no_libsocket"; then

48

+ AC_CHECK_LIB(socket, socket)

49

+ fi

50

51

diff --git a/net-analyzer/snort/metadata.xml b/net-analyzer/snort/metadata.xml

52

index 145c62de86a..bfe81882b55 100644

53

--- a/net-analyzer/snort/metadata.xml

54

+++ b/net-analyzer/snort/metadata.xml

55

@@ -138,5 +138,8 @@

56

 			Allows Snort to read pcap files that are larger than 2 GB. ONLY

57

 			VALID FOR 64bit SYSTEMS!

58

 		</flag>

59

+		<flag name="libtirpc">

60

+			Build against <pkg>net-libs/libtirpc</pkg> for RPC support

61

+		</flag>

62

 	</use>

63

 </pkgmetadata>

64

65

diff --git a/net-analyzer/snort/snort-2.9.8.3-r2.ebuild b/net-analyzer/snort/snort-2.9.8.3-r2.ebuild

66

new file mode 100644

67

index 00000000000..161524dd796

68

--- /dev/null

69

+++ b/net-analyzer/snort/snort-2.9.8.3-r2.ebuild

70

@@ -0,0 +1,254 @@

71

+# Copyright 1999-2017 Gentoo Foundation

72

+# Distributed under the terms of the GNU General Public License v2

73

+

74

+EAPI=6

75

+inherit autotools multilib user

76

+

77

+DESCRIPTION="The de facto standard for intrusion detection/prevention"

78

+HOMEPAGE="http://www.snort.org/"

79

+SRC_URI="https://www.snort.org/downloads/${PN}/${P}.tar.gz"

80

+LICENSE="GPL-2"

81

+SLOT="0"

82

+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"

83

+IUSE="static +gre +ppm +perfprofiling

84

++non-ether-decoders control-socket file-inspect high-availability

85

+shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen

86

++threads debug +active-response reload-error-restart

87

++react +flexresp3 large-pcap-64bit selinux +libtirpc"

88

+

89

+DEPEND=">=net-libs/libpcap-1.3.0

90

+	>=net-libs/daq-2.0.2

91

+	>=dev-libs/libpcre-8.33

92

+	dev-libs/libdnet

93

+	sys-libs/zlib

94

+	!libtirpc? ( sys-libs/glibc[rpc(-)] )

95

+	libtirpc? ( net-libs/libtirpc )

96

+	|| ( net-libs/libnsl <sys-libs/glibc-2.26 )

97

+"

98

+

99

+RDEPEND="${DEPEND}

100

+	selinux? ( sec-policy/selinux-snort )"

101

+

102

+REQUIRED_USE="!kernel_linux? ( !shared-rep )"

103

+

104

+PATCHES=(

105

+	"${FILESDIR}"/${P}-no-implicit.patch

106

+	"${FILESDIR}"/${P}-rpc.patch

107

+)

108

+

109

+pkg_setup() {

110

+

111

+	# pre_inst() is a better place to put this

112

+	# but we need it here for the 'fowners' statements in src_install()

113

+	enewgroup snort

114

+	enewuser snort -1 -1 /dev/null snort

115

+

116

+}

117

+

118

+src_prepare() {

119

+	default

120

+

121

+	# Multilib fix for the sf_engine

122

+	ebegin "Applying multilib fix"

123

+	sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \

124

+		"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \

125

+		|| die "sed for sf_engine failed"

126

+

127

+	# Multilib fix for the curent set of dynamic-preprocessors

128

+	for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do

129

+		sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \

130

+			"${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \

131

+			|| die "sed for $i failed."

132

+	done

133

+	eend

134

+

135

+	AT_M4DIR=m4 eautoreconf

136

+}

137

+

138

+src_configure() {

139

+

140

+	econf \

141

+		$(use_enable !static shared) \

142

+		$(use_enable static) \

143

+		$(use_enable static so-with-static-lib) \

144

+		$(use_enable gre) \

145

+		$(use_enable control-socket) \

146

+		$(use_enable file-inspect) \

147

+		$(use_enable high-availability ha) \

148

+		$(use_enable non-ether-decoders) \

149

+		$(use_enable shared-rep) \

150

+		$(use_enable side-channel) \

151

+		$(use_enable sourcefire) \

152

+		$(use_enable ppm) \

153

+		$(use_enable perfprofiling) \

154

+		$(use_enable linux-smp-stats) \

155

+		$(use_enable inline-init-failopen) \

156

+		$(use_enable threads pthread) \

157

+		$(use_enable debug) \

158

+		$(use_enable debug debug-msgs) \

159

+		$(use_enable debug corefiles) \

160

+		$(use_enable !debug dlclose) \

161

+		$(use_enable active-response) \

162

+		$(use_enable reload-error-restart) \

163

+		$(use_enable react) \

164

+		$(use_enable flexresp3) \

165

+		$(use_enable large-pcap-64bit large-pcap) \

166

+		$(use_with libtirpc) \

167

+		--enable-mpls \

168

+		--enable-normalizer \

169

+		--enable-reload \

170

+		--enable-targetbased \

171

+		--disable-build-dynamic-examples \

172

+		--disable-profile \

173

+		--disable-ppm-test \

174

+		--disable-intel-soft-cpm \

175

+		--disable-static-daq

176

+}

177

+

178

+src_install() {

179

+

180

+	emake DESTDIR="${D}" install

181

+

182

+	dodir /var/log/snort \

183

+		/var/run/snort \

184

+		/etc/snort/rules \

185

+		/etc/snort/so_rules \

186

+		/usr/$(get_libdir)/snort_dynamicrules

187

+

188

+	# config.log and build.log are needed by Sourcefire

189

+	# to trouble shoot build problems and bug reports so we are

190

+	# perserving them incase the user needs upstream support.

191

+	dodoc RELEASE.NOTES ChangeLog \

192

+		doc/* \

193

+		tools/u2boat/README.u2boat

194

+

195

+	insinto /etc/snort

196

+	doins etc/attribute_table.dtd \

197

+		etc/classification.config \

198

+		etc/gen-msg.map \

199

+		etc/reference.config \

200

+		etc/threshold.conf \

201

+		etc/unicode.map

202

+

203

+	# We use snort.conf.distrib because the config file is complicated

204

+	# and the one shipped with snort can change drastically between versions.

205

+	# Users should migrate setting by hand and not with etc-update.

206

+	newins etc/snort.conf snort.conf.distrib

207

+

208

+	# config.log and build.log are needed by Sourcefire

209

+	# to troubleshoot build problems and bug reports so we are

210

+	# preserving them incase the user needs upstream support.

211

+	if [ -f "${WORKDIR}/${PF}/config.log" ]; then

212

+		dodoc "${WORKDIR}/${PF}/config.log"

213

+	fi

214

+	if [ -f "${T}/build.log" ]; then

215

+		dodoc "${T}/build.log"

216

+	fi

217

+

218

+	insinto /etc/snort/preproc_rules

219

+	doins preproc_rules/decoder.rules \

220

+		preproc_rules/preprocessor.rules \

221

+		preproc_rules/sensitive-data.rules

222

+

223

+	fowners -R snort:snort \

224

+		/var/log/snort \

225

+		/var/run/snort \

226

+		/etc/snort

227

+

228

+	newinitd "${FILESDIR}/snort.rc12" snort

229

+	newconfd "${FILESDIR}/snort.confd.2" snort

230

+

231

+	# Sourcefire uses Makefiles to install docs causing Bug #297190.

232

+	# This removes the unwanted doc directory and rogue Makefiles.

233

+	rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"

234

+	rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"

235

+

236

+	# Remove unneeded .la files (Bug #382863)

237

+	rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die

238

+	rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"

239

+

240

+	# Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection

241

+	sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \

242

+		"${D}etc/snort/snort.conf.distrib" || die

243

+

244

+	# Set the correct rule location in the config

245

+	sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \

246

+		"${D}etc/snort/snort.conf.distrib" || die

247

+

248

+	# Set the correct preprocessor/decoder rule location in the config

249

+	sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \

250

+		"${D}etc/snort/snort.conf.distrib" || die

251

+

252

+	# Enable the preprocessor/decoder rules

253

+	sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \

254

+		"${D}etc/snort/snort.conf.distrib" || die

255

+

256

+	sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \

257

+		"${D}etc/snort/snort.conf.distrib" || die

258

+

259

+	# Just some clean up of trailing /'s in the config

260

+	sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \

261

+		"${D}etc/snort/snort.conf.distrib" || die

262

+

263

+	# Make it clear in the config where these are...

264

+	sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \

265

+		"${D}etc/snort/snort.conf.distrib" || die

266

+

267

+	sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \

268

+		"${D}etc/snort/snort.conf.distrib" || die

269

+

270

+	# Disable all rule files by default.

271

+	sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \

272

+		"${D}etc/snort/snort.conf.distrib" || die

273

+

274

+	# Set the configured DAQ to afpacket

275

+	sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \

276

+		"${D}etc/snort/snort.conf.distrib" || die

277

+

278

+	# Set the location of the DAQ modules

279

+	sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \

280

+		"${D}etc/snort/snort.conf.distrib" || die

281

+

282

+	# Set the DAQ mode to passive

283

+	sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \

284

+		"${D}etc/snort/snort.conf.distrib" || die

285

+

286

+	# Set snort to run as snort:snort

287

+	sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \

288

+		"${D}etc/snort/snort.conf.distrib" || die

289

+	sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \

290

+		"${D}etc/snort/snort.conf.distrib" || die

291

+

292

+	# Set the default log dir

293

+	sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \

294

+		"${D}etc/snort/snort.conf.distrib" || die

295

+

296

+	# Set the correct so_rule location in the config

297

+	 sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \

298

+		 "${D}etc/snort/snort.conf.distrib" || die

299

+}

300

+

301

+pkg_postinst() {

302

+

303

+	einfo "There have been a number of improvements and new features"

304

+	einfo "added to ${P}. Please review the RELEASE.NOTES and"

305

+	einfo "ChangLog located in /usr/share/doc/${PF}."

306

+	einfo

307

+	elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"

308

+	elog "users migrate their snort.conf customizations to the latest config"

309

+	elog "file released by the VRT. You can find the latest version of the"

310

+	elog "Snort config file in /etc/snort/snort.conf.distrib."

311

+	elog

312

+	elog "!! It is important that you migrate to this new snort.conf file !!"

313

+	elog

314

+	elog "This version of the ebuild includes an updated init.d file and"

315

+	elog "conf.d file that rely on options found in the latest Snort"

316

+	elog "config file provided by the VRT."

317

+

318

+	if use debug; then

319

+		elog "You have the 'debug' USE flag enabled. If this has been done to"

320

+		elog "troubleshoot an issue by producing a core dump or a back trace,"

321

+		elog "then you need to also ensure the FEATURES variable in make.conf"

322

+		elog "contains the 'nostrip' option."

323

+	fi

324

+}

1	commit: 63c56087785f0a65d287ed9faa67ecfc80e85ce3
2	Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3	AuthorDate: Mon Sep 25 20:43:06 2017 +0000
4	Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>
5	CommitDate: Mon Sep 25 20:47:28 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63c56087
7
8	net-analyzer/snort: Allow building against libtirpc for rpc support, bug 631314
9
10	Closes: https://bugs.gentoo.org/631314
11	Package-Manager: Portage-2.3.10, Repoman-2.3.3
12
13	net-analyzer/snort/files/snort-2.9.8.3-rpc.patch \| 26 +++
14	net-analyzer/snort/metadata.xml \| 3 +
15	net-analyzer/snort/snort-2.9.8.3-r2.ebuild \| 254 +++++++++++++++++++++++
16	3 files changed, 283 insertions(+)
17
18	diff --git a/net-analyzer/snort/files/snort-2.9.8.3-rpc.patch b/net-analyzer/snort/files/snort-2.9.8.3-rpc.patch
19	new file mode 100644
20	index 00000000000..51ee56d8410
21	--- /dev/null
22	+++ b/net-analyzer/snort/files/snort-2.9.8.3-rpc.patch
23	@@ -0,0 +1,26 @@
24	+diff -ruN snort-2.9.8.3.orig/configure.in snort-2.9.8.3/configure.in
25	+--- snort-2.9.8.3.orig/configure.in 2016-04-26 10:08:28.000000000 -0000
26	++++ snort-2.9.8.3/configure.in 2017-09-25 20:21:17.632003858 -0000
27	+@@ -187,6 +187,22 @@
28	+ AC_CHECK_LIB(nsl, inet_ntoa)
29	+ fi
30	+
31	++AC_ARG_WITH([libtirpc],
32	++ AS_HELP_STRING([--with-libtirpc], [Use libtirpc as RPC implementation (instead of sunrpc)]),
33	++ [], [ with_libtirpc=no ])
34	++
35	++AS_IF([test "x$with_libtirpc" != xno],
36	++ [PKG_CHECK_MODULES([TIRPC],
37	++ [libtirpc],
38	++ [extra_incl="$extra_incl $TIRPC_CFLAGS"; LIBS="$LIBS $TIRPC_LIBS";],
39	++ [AC_MSG_ERROR([libtirpc requested, but library not found.])]
40	++ )],
41	++ [AC_CHECK_HEADER(rpc/rpc.h,
42	++ [],
43	++ [AC_MSG_ERROR([sunrpc requested, but headers are not present.])]
44	++ )]
45	++)
46	++
47	+ if test -z "$no_libsocket"; then
48	+ AC_CHECK_LIB(socket, socket)
49	+ fi
50
51	diff --git a/net-analyzer/snort/metadata.xml b/net-analyzer/snort/metadata.xml
52	index 145c62de86a..bfe81882b55 100644
53	--- a/net-analyzer/snort/metadata.xml
54	+++ b/net-analyzer/snort/metadata.xml
55	@@ -138,5 +138,8 @@
56	Allows Snort to read pcap files that are larger than 2 GB. ONLY
57	VALID FOR 64bit SYSTEMS!
58	</flag>
59	+ <flag name="libtirpc">
60	+ Build against <pkg>net-libs/libtirpc</pkg> for RPC support
61	+ </flag>
62	</use>
63	</pkgmetadata>
64
65	diff --git a/net-analyzer/snort/snort-2.9.8.3-r2.ebuild b/net-analyzer/snort/snort-2.9.8.3-r2.ebuild
66	new file mode 100644
67	index 00000000000..161524dd796
68	--- /dev/null
69	+++ b/net-analyzer/snort/snort-2.9.8.3-r2.ebuild
70	@@ -0,0 +1,254 @@
71	+# Copyright 1999-2017 Gentoo Foundation
72	+# Distributed under the terms of the GNU General Public License v2
73	+
74	+EAPI=6
75	+inherit autotools multilib user
76	+
77	+DESCRIPTION="The de facto standard for intrusion detection/prevention"
78	+HOMEPAGE="http://www.snort.org/"
79	+SRC_URI="https://www.snort.org/downloads/${PN}/${P}.tar.gz"
80	+LICENSE="GPL-2"
81	+SLOT="0"
82	+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"
83	+IUSE="static +gre +ppm +perfprofiling
84	++non-ether-decoders control-socket file-inspect high-availability
85	+shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen
86	++threads debug +active-response reload-error-restart
87	++react +flexresp3 large-pcap-64bit selinux +libtirpc"
88	+
89	+DEPEND=">=net-libs/libpcap-1.3.0
90	+ >=net-libs/daq-2.0.2
91	+ >=dev-libs/libpcre-8.33
92	+ dev-libs/libdnet
93	+ sys-libs/zlib
94	+ !libtirpc? ( sys-libs/glibc[rpc(-)] )
95	+ libtirpc? ( net-libs/libtirpc )
96	+ \|\| ( net-libs/libnsl <sys-libs/glibc-2.26 )
97	+"
98	+
99	+RDEPEND="${DEPEND}
100	+ selinux? ( sec-policy/selinux-snort )"
101	+
102	+REQUIRED_USE="!kernel_linux? ( !shared-rep )"
103	+
104	+PATCHES=(
105	+ "${FILESDIR}"/${P}-no-implicit.patch
106	+ "${FILESDIR}"/${P}-rpc.patch
107	+)
108	+
109	+pkg_setup() {
110	+
111	+ # pre_inst() is a better place to put this
112	+ # but we need it here for the 'fowners' statements in src_install()
113	+ enewgroup snort
114	+ enewuser snort -1 -1 /dev/null snort
115	+
116	+}
117	+
118	+src_prepare() {
119	+ default
120	+
121	+ # Multilib fix for the sf_engine
122	+ ebegin "Applying multilib fix"
123	+ sed -i -e 's\|${exec_prefix}/lib\|${exec_prefix}/'$(get_libdir)'\|g' \
124	+ "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
125	+ \|\| die "sed for sf_engine failed"
126	+
127	+ # Multilib fix for the curent set of dynamic-preprocessors
128	+ for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do
129	+ sed -i -e 's\|${exec_prefix}/lib\|${exec_prefix}/'$(get_libdir)'\|g' \
130	+ "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
131	+ \|\| die "sed for $i failed."
132	+ done
133	+ eend
134	+
135	+ AT_M4DIR=m4 eautoreconf
136	+}
137	+
138	+src_configure() {
139	+
140	+ econf \
141	+ $(use_enable !static shared) \
142	+ $(use_enable static) \
143	+ $(use_enable static so-with-static-lib) \
144	+ $(use_enable gre) \
145	+ $(use_enable control-socket) \
146	+ $(use_enable file-inspect) \
147	+ $(use_enable high-availability ha) \
148	+ $(use_enable non-ether-decoders) \
149	+ $(use_enable shared-rep) \
150	+ $(use_enable side-channel) \
151	+ $(use_enable sourcefire) \
152	+ $(use_enable ppm) \
153	+ $(use_enable perfprofiling) \
154	+ $(use_enable linux-smp-stats) \
155	+ $(use_enable inline-init-failopen) \
156	+ $(use_enable threads pthread) \
157	+ $(use_enable debug) \
158	+ $(use_enable debug debug-msgs) \
159	+ $(use_enable debug corefiles) \
160	+ $(use_enable !debug dlclose) \
161	+ $(use_enable active-response) \
162	+ $(use_enable reload-error-restart) \
163	+ $(use_enable react) \
164	+ $(use_enable flexresp3) \
165	+ $(use_enable large-pcap-64bit large-pcap) \
166	+ $(use_with libtirpc) \
167	+ --enable-mpls \
168	+ --enable-normalizer \
169	+ --enable-reload \
170	+ --enable-targetbased \
171	+ --disable-build-dynamic-examples \
172	+ --disable-profile \
173	+ --disable-ppm-test \
174	+ --disable-intel-soft-cpm \
175	+ --disable-static-daq
176	+}
177	+
178	+src_install() {
179	+
180	+ emake DESTDIR="${D}" install
181	+
182	+ dodir /var/log/snort \
183	+ /var/run/snort \
184	+ /etc/snort/rules \
185	+ /etc/snort/so_rules \
186	+ /usr/$(get_libdir)/snort_dynamicrules
187	+
188	+ # config.log and build.log are needed by Sourcefire
189	+ # to trouble shoot build problems and bug reports so we are
190	+ # perserving them incase the user needs upstream support.
191	+ dodoc RELEASE.NOTES ChangeLog \
192	+ doc/* \
193	+ tools/u2boat/README.u2boat
194	+
195	+ insinto /etc/snort
196	+ doins etc/attribute_table.dtd \
197	+ etc/classification.config \
198	+ etc/gen-msg.map \
199	+ etc/reference.config \
200	+ etc/threshold.conf \
201	+ etc/unicode.map
202	+
203	+ # We use snort.conf.distrib because the config file is complicated
204	+ # and the one shipped with snort can change drastically between versions.
205	+ # Users should migrate setting by hand and not with etc-update.
206	+ newins etc/snort.conf snort.conf.distrib
207	+
208	+ # config.log and build.log are needed by Sourcefire
209	+ # to troubleshoot build problems and bug reports so we are
210	+ # preserving them incase the user needs upstream support.
211	+ if [ -f "${WORKDIR}/${PF}/config.log" ]; then
212	+ dodoc "${WORKDIR}/${PF}/config.log"
213	+ fi
214	+ if [ -f "${T}/build.log" ]; then
215	+ dodoc "${T}/build.log"
216	+ fi
217	+
218	+ insinto /etc/snort/preproc_rules
219	+ doins preproc_rules/decoder.rules \
220	+ preproc_rules/preprocessor.rules \
221	+ preproc_rules/sensitive-data.rules
222	+
223	+ fowners -R snort:snort \
224	+ /var/log/snort \
225	+ /var/run/snort \
226	+ /etc/snort
227	+
228	+ newinitd "${FILESDIR}/snort.rc12" snort
229	+ newconfd "${FILESDIR}/snort.confd.2" snort
230	+
231	+ # Sourcefire uses Makefiles to install docs causing Bug #297190.
232	+ # This removes the unwanted doc directory and rogue Makefiles.
233	+ rm -rf "${D}"usr/share/doc/snort \|\| die "Failed to remove SF doc directories"
234	+ rm "${D}"usr/share/doc/"${PF}"/Makefile* \|\| die "Failed to remove doc make files"
235	+
236	+ # Remove unneeded .la files (Bug #382863)
237	+ rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la \|\| die
238	+ rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la \|\| die "Failed to remove libsf_?_preproc.la"
239	+
240	+ # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
241	+ sed -i -e 's\|/usr/local/lib\|/usr/'$(get_libdir)'\|g' \
242	+ "${D}etc/snort/snort.conf.distrib" \|\| die
243	+
244	+ # Set the correct rule location in the config
245	+ sed -i -e 's\|RULE_PATH ../rules\|RULE_PATH /etc/snort/rules\|g' \
246	+ "${D}etc/snort/snort.conf.distrib" \|\| die
247	+
248	+ # Set the correct preprocessor/decoder rule location in the config
249	+ sed -i -e 's\|PREPROC_RULE_PATH ../preproc_rules\|PREPROC_RULE_PATH /etc/snort/preproc_rules\|g' \
250	+ "${D}etc/snort/snort.conf.distrib" \|\| die
251	+
252	+ # Enable the preprocessor/decoder rules
253	+ sed -i -e 's\|^# include $PREPROC_RULE_PATH\|include $PREPROC_RULE_PATH\|g' \
254	+ "${D}etc/snort/snort.conf.distrib" \|\| die
255	+
256	+ sed -i -e 's\|^# dynamicdetection directory\|dynamicdetection directory\|g' \
257	+ "${D}etc/snort/snort.conf.distrib" \|\| die
258	+
259	+ # Just some clean up of trailing /'s in the config
260	+ sed -i -e 's\|snort_dynamicpreprocessor/$\|snort_dynamicpreprocessor\|g' \
261	+ "${D}etc/snort/snort.conf.distrib" \|\| die
262	+
263	+ # Make it clear in the config where these are...
264	+ sed -i -e 's\|^include classification.config\|include /etc/snort/classification.config\|g' \
265	+ "${D}etc/snort/snort.conf.distrib" \|\| die
266	+
267	+ sed -i -e 's\|^include reference.config\|include /etc/snort/reference.config\|g' \
268	+ "${D}etc/snort/snort.conf.distrib" \|\| die
269	+
270	+ # Disable all rule files by default.
271	+ sed -i -e 's\|^include $RULE_PATH\|# include $RULE_PATH\|g' \
272	+ "${D}etc/snort/snort.conf.distrib" \|\| die
273	+
274	+ # Set the configured DAQ to afpacket
275	+ sed -i -e 's\|^# config daq: <type>\|config daq: afpacket\|g' \
276	+ "${D}etc/snort/snort.conf.distrib" \|\| die
277	+
278	+ # Set the location of the DAQ modules
279	+ sed -i -e 's\|^# config daq_dir: <dir>\|config daq_dir: /usr/'$(get_libdir)'/daq\|g' \
280	+ "${D}etc/snort/snort.conf.distrib" \|\| die
281	+
282	+ # Set the DAQ mode to passive
283	+ sed -i -e 's\|^# config daq_mode: <mode>\|config daq_mode: passive\|g' \
284	+ "${D}etc/snort/snort.conf.distrib" \|\| die
285	+
286	+ # Set snort to run as snort:snort
287	+ sed -i -e 's\|^# config set_gid:\|config set_gid: snort\|g' \
288	+ "${D}etc/snort/snort.conf.distrib" \|\| die
289	+ sed -i -e 's\|^# config set_uid:\|config set_uid: snort\|g' \
290	+ "${D}etc/snort/snort.conf.distrib" \|\| die
291	+
292	+ # Set the default log dir
293	+ sed -i -e 's\|^# config logdir:\|config logdir: /var/log/snort/\|g' \
294	+ "${D}etc/snort/snort.conf.distrib" \|\| die
295	+
296	+ # Set the correct so_rule location in the config
297	+ sed -i -e 's\|SO_RULE_PATH ../so_rules\|SO_RULE_PATH /etc/snort/so_rules\|g' \
298	+ "${D}etc/snort/snort.conf.distrib" \|\| die
299	+}
300	+
301	+pkg_postinst() {
302	+
303	+ einfo "There have been a number of improvements and new features"
304	+ einfo "added to ${P}. Please review the RELEASE.NOTES and"
305	+ einfo "ChangLog located in /usr/share/doc/${PF}."
306	+ einfo
307	+ elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
308	+ elog "users migrate their snort.conf customizations to the latest config"
309	+ elog "file released by the VRT. You can find the latest version of the"
310	+ elog "Snort config file in /etc/snort/snort.conf.distrib."
311	+ elog
312	+ elog "!! It is important that you migrate to this new snort.conf file !!"
313	+ elog
314	+ elog "This version of the ebuild includes an updated init.d file and"
315	+ elog "conf.d file that rely on options found in the latest Snort"
316	+ elog "config file provided by the VRT."
317	+
318	+ if use debug; then
319	+ elog "You have the 'debug' USE flag enabled. If this has been done to"
320	+ elog "troubleshoot an issue by producing a core dump or a back trace,"
321	+ elog "then you need to also ensure the FEATURES variable in make.conf"
322	+ elog "contains the 'nostrip' option."
323	+ fi
324	+}

Gentoo Archives: gentoo-commits