[gentoo-commits] repo/gentoo:master commit in: net-analyzer/snort/ - gentoo-commits

From:	Patrick Lauer <patrick@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-analyzer/snort/
Date:	Tue, 28 Jun 2016 09:45:15
Message-Id:	`1467107076.f246b7c457a9097f58592489f02458e4274da343.patrick@gentoo`

1

commit:     f246b7c457a9097f58592489f02458e4274da343

2

Author:     Patrick Lauer <patrick <AT> gentoo <DOT> org>

3

AuthorDate: Tue Jun 28 09:44:22 2016 +0000

4

Commit:     Patrick Lauer <patrick <AT> gentoo <DOT> org>

5

CommitDate: Tue Jun 28 09:44:36 2016 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f246b7c4

7

8

net-analyzer/snort: Bump #587194

9

10

Package-Manager: portage-2.3.0

11

12

 net-analyzer/snort/Manifest             |   1 +

13

 net-analyzer/snort/snort-2.9.8.3.ebuild | 250 ++++++++++++++++++++++++++++++++

14

 2 files changed, 251 insertions(+)

15

16

diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest

17

index e054f55..dd94970 100644

18

--- a/net-analyzer/snort/Manifest

19

+++ b/net-analyzer/snort/Manifest

20

@@ -5,3 +5,4 @@ DIST snort-2.9.7.3.tar.gz 6300073 SHA256 8cc3613b888fc54947a2beec773c76d9a20368f

21

 DIST snort-2.9.7.5.tar.gz 6312847 SHA256 ad03f11b5301b16642199a86aa90388eaa53f5003f83b0c5595745a490047be1 SHA512 fa1b299c72a44a8cb64361e8dab9fad5bfec36bbb05ebed2407002b2c5d97256d7d67599cb1f29406b5ee0916f2f85a173610d403cd34c57f74f7049c10eb038 WHIRLPOOL 6c7270d7edfc552f074fa2fb8ed067a12a48e4e159ceaa4be1f3c877996df5630aa42721aa637a846701072834e167445a67bbfa2deb93933048b1e4f70a8e1b

22

 DIST snort-2.9.8.0.tar.gz 6323095 SHA256 bddd5d01d10d20c182836fa0199cd3549239b7a9d0fd5bbb10226feb8b42d231 SHA512 46e5f19be5eccad2d5b4d3d55ce42fe616cd5f605b7178ed98e86cc8f2f4cf0f796fad80033d81b71bea7da2abfb6d0b340815ee158190f9b974f671045bf002 WHIRLPOOL 1e15ec4e2e54bd878f654484d7617249f5e34bc5c87bd0022ee923e0bab15e1733841ad234817d5209c0063c76d3e4e3db2343130eb77450260945324862ba12

23

 DIST snort-2.9.8.2.tar.gz 6311793 SHA256 4075012d350dfa47a0200b7a920323f15cb7c370790f2a47367c03aba4009333 SHA512 60f660b2093ae88211dcef9256edf35441c0ffc61ec8240b6d25e947b55b0fdb23482913246e2288a8a533dbaff4e5ea2d8f51298ab9aa67baa1ab74d1c4f7a4 WHIRLPOOL 1b12bb4c65d98d5dc0bb37f1bc329d23238b95afcbf911ed7040da4de5116f3b0dd907539f6a6a418820d399cbe7830ea05dd894cfa83a71656ae7b0325d1f92

24

+DIST snort-2.9.8.3.tar.gz 6244304 SHA256 856d02ccec49fa30c920a1e416c47c0d62dd224340a614959ba5c03239100e6a SHA512 2f3dfe46e14a5106a02ca60b2d334549f4924ff916de0804b2b7792cdd31e104fbb454b4b932855b5f25a861698db0f8988844782b12b0e5fa132d88d4a7a687 WHIRLPOOL 3b3ab085b57522e72b7a32264107e791feec007280a76fe0c171f86c70b8d56d295ec59d150729bf08da57bf15058b2bf6e59e94f013c7a2af05cc8f79d4a38a

25

26

diff --git a/net-analyzer/snort/snort-2.9.8.3.ebuild b/net-analyzer/snort/snort-2.9.8.3.ebuild

27

new file mode 100644

28

index 0000000..9944e7e

29

--- /dev/null

30

+++ b/net-analyzer/snort/snort-2.9.8.3.ebuild

31

@@ -0,0 +1,250 @@

32

+# Copyright 1999-2016 Gentoo Foundation

33

+# Distributed under the terms of the GNU General Public License v2

34

+# $Id$

35

+

36

+EAPI="5"

37

+inherit autotools multilib user

38

+

39

+DESCRIPTION="The de facto standard for intrusion detection/prevention"

40

+HOMEPAGE="http://www.snort.org/"

41

+SRC_URI="https://www.snort.org/downloads/${PN}/${P}.tar.gz"

42

+LICENSE="GPL-2"

43

+SLOT="0"

44

+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"

45

+IUSE="static +gre +mpls +targetbased +ppm +perfprofiling

46

++non-ether-decoders control-socket file-inspect high-availability

47

+shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen

48

++threads debug +active-response +normalizer reload-error-restart

49

++react +flexresp3 large-pcap-64bit selinux"

50

+

51

+DEPEND=">=net-libs/libpcap-1.3.0

52

+	>=net-libs/daq-2.0.2

53

+	>=dev-libs/libpcre-8.33

54

+	dev-libs/libdnet

55

+	sys-libs/zlib"

56

+

57

+RDEPEND="${DEPEND}

58

+	selinux? ( sec-policy/selinux-snort )"

59

+

60

+REQUIRED_USE="!kernel_linux? ( !shared-rep )"

61

+

62

+pkg_setup() {

63

+

64

+	# pre_inst() is a better place to put this

65

+	# but we need it here for the 'fowners' statements in src_install()

66

+	enewgroup snort

67

+	enewuser snort -1 -1 /dev/null snort

68

+

69

+}

70

+

71

+src_prepare() {

72

+

73

+	# Multilib fix for the sf_engine

74

+	ebegin "Applying multilib fix"

75

+	sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \

76

+		"${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \

77

+		|| die "sed for sf_engine failed"

78

+

79

+	# Multilib fix for the curent set of dynamic-preprocessors

80

+	for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do

81

+		sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \

82

+			"${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \

83

+			|| die "sed for $i failed."

84

+	done

85

+	eend

86

+

87

+	AT_M4DIR=m4 eautoreconf

88

+}

89

+

90

+src_configure() {

91

+

92

+	econf \

93

+		$(use_enable !static shared) \

94

+		$(use_enable static) \

95

+		$(use_enable static so-with-static-lib) \

96

+		$(use_enable gre) \

97

+		$(use_enable mpls) \

98

+		$(use_enable targetbased) \

99

+		$(use_enable control-socket) \

100

+		$(use_enable file-inspect) \

101

+		$(use_enable high-availability ha) \

102

+		$(use_enable non-ether-decoders) \

103

+		$(use_enable shared-rep) \

104

+		$(use_enable side-channel) \

105

+		$(use_enable sourcefire) \

106

+		$(use_enable ppm) \

107

+		$(use_enable perfprofiling) \

108

+		$(use_enable linux-smp-stats) \

109

+		$(use_enable inline-init-failopen) \

110

+		$(use_enable threads pthread) \

111

+		$(use_enable debug) \

112

+		$(use_enable debug debug-msgs) \

113

+		$(use_enable debug corefiles) \

114

+		$(use_enable !debug dlclose) \

115

+		$(use_enable active-response) \

116

+		$(use_enable normalizer) \

117

+		$(use_enable reload-error-restart) \

118

+		$(use_enable react) \

119

+		$(use_enable flexresp3) \

120

+		$(use_enable large-pcap-64bit large-pcap) \

121

+		--enable-reload \

122

+		--disable-build-dynamic-examples \

123

+		--disable-profile \

124

+		--disable-ppm-test \

125

+		--disable-intel-soft-cpm \

126

+		--disable-static-daq

127

+}

128

+

129

+src_install() {

130

+

131

+	emake DESTDIR="${D}" install

132

+

133

+	dodir /var/log/snort \

134

+		/var/run/snort \

135

+		/etc/snort/rules \

136

+		/etc/snort/so_rules \

137

+		/usr/$(get_libdir)/snort_dynamicrules

138

+

139

+	# config.log and build.log are needed by Sourcefire

140

+	# to trouble shoot build problems and bug reports so we are

141

+	# perserving them incase the user needs upstream support.

142

+	dodoc RELEASE.NOTES ChangeLog \

143

+		doc/* \

144

+		tools/u2boat/README.u2boat

145

+

146

+	insinto /etc/snort

147

+	doins etc/attribute_table.dtd \

148

+		etc/classification.config \

149

+		etc/gen-msg.map \

150

+		etc/reference.config \

151

+		etc/threshold.conf \

152

+		etc/unicode.map

153

+

154

+	# We use snort.conf.distrib because the config file is complicated

155

+	# and the one shipped with snort can change drastically between versions.

156

+	# Users should migrate setting by hand and not with etc-update.

157

+	newins etc/snort.conf snort.conf.distrib

158

+

159

+	# config.log and build.log are needed by Sourcefire

160

+	# to troubleshoot build problems and bug reports so we are

161

+	# preserving them incase the user needs upstream support.

162

+	if [ -f "${WORKDIR}/${PF}/config.log" ]; then

163

+		dodoc "${WORKDIR}/${PF}/config.log"

164

+	fi

165

+	if [ -f "${T}/build.log" ]; then

166

+		dodoc "${T}/build.log"

167

+	fi

168

+

169

+	insinto /etc/snort/preproc_rules

170

+	doins preproc_rules/decoder.rules \

171

+		preproc_rules/preprocessor.rules \

172

+		preproc_rules/sensitive-data.rules

173

+

174

+	fowners -R snort:snort \

175

+		/var/log/snort \

176

+		/var/run/snort \

177

+		/etc/snort

178

+

179

+	newinitd "${FILESDIR}/snort.rc12" snort

180

+	newconfd "${FILESDIR}/snort.confd.2" snort

181

+

182

+	# Sourcefire uses Makefiles to install docs causing Bug #297190.

183

+	# This removes the unwanted doc directory and rogue Makefiles.

184

+	rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"

185

+	rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"

186

+

187

+	# Remove unneeded .la files (Bug #382863)

188

+	rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die

189

+	rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"

190

+

191

+	# Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection

192

+	sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \

193

+		"${D}etc/snort/snort.conf.distrib" || die

194

+

195

+	# Set the correct rule location in the config

196

+	sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \

197

+		"${D}etc/snort/snort.conf.distrib" || die

198

+

199

+	# Set the correct preprocessor/decoder rule location in the config

200

+	sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \

201

+		"${D}etc/snort/snort.conf.distrib" || die

202

+

203

+	# Enable the preprocessor/decoder rules

204

+	sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \

205

+		"${D}etc/snort/snort.conf.distrib" || die

206

+

207

+	sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \

208

+		"${D}etc/snort/snort.conf.distrib" || die

209

+

210

+	# Just some clean up of trailing /'s in the config

211

+	sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \

212

+		"${D}etc/snort/snort.conf.distrib" || die

213

+

214

+	# Make it clear in the config where these are...

215

+	sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \

216

+		"${D}etc/snort/snort.conf.distrib" || die

217

+

218

+	sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \

219

+		"${D}etc/snort/snort.conf.distrib" || die

220

+

221

+	# Disable all rule files by default.

222

+	sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \

223

+		"${D}etc/snort/snort.conf.distrib" || die

224

+

225

+	# Disable normalizer preprocessor config if normalizer USE flag not set.

226

+	if ! use normalizer; then

227

+		sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \

228

+			"${D}etc/snort/snort.conf.distrib" || die

229

+	fi

230

+

231

+	# Set the configured DAQ to afpacket

232

+	sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \

233

+		"${D}etc/snort/snort.conf.distrib" || die

234

+

235

+	# Set the location of the DAQ modules

236

+	sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \

237

+		"${D}etc/snort/snort.conf.distrib" || die

238

+

239

+	# Set the DAQ mode to passive

240

+	sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \

241

+		"${D}etc/snort/snort.conf.distrib" || die

242

+

243

+	# Set snort to run as snort:snort

244

+	sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \

245

+		"${D}etc/snort/snort.conf.distrib" || die

246

+	sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \

247

+		"${D}etc/snort/snort.conf.distrib" || die

248

+

249

+	# Set the default log dir

250

+	sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \

251

+		"${D}etc/snort/snort.conf.distrib" || die

252

+

253

+	# Set the correct so_rule location in the config

254

+	 sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \

255

+		 "${D}etc/snort/snort.conf.distrib" || die

256

+}

257

+

258

+pkg_postinst() {

259

+

260

+	einfo "There have been a number of improvements and new features"

261

+	einfo "added to ${P}. Please review the RELEASE.NOTES and"

262

+	einfo "ChangLog located in /usr/share/doc/${PF}."

263

+	einfo

264

+	elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"

265

+	elog "users migrate their snort.conf customizations to the latest config"

266

+	elog "file released by the VRT. You can find the latest version of the"

267

+	elog "Snort config file in /etc/snort/snort.conf.distrib."

268

+	elog

269

+	elog "!! It is important that you migrate to this new snort.conf file !!"

270

+	elog

271

+	elog "This version of the ebuild includes an updated init.d file and"

272

+	elog "conf.d file that rely on options found in the latest Snort"

273

+	elog "config file provided by the VRT."

274

+

275

+	if use debug; then

276

+		elog "You have the 'debug' USE flag enabled. If this has been done to"

277

+		elog "troubleshoot an issue by producing a core dump or a back trace,"

278

+		elog "then you need to also ensure the FEATURES variable in make.conf"

279

+		elog "contains the 'nostrip' option."

280

+	fi

281

+}

1	commit: f246b7c457a9097f58592489f02458e4274da343
2	Author: Patrick Lauer <patrick <AT> gentoo <DOT> org>
3	AuthorDate: Tue Jun 28 09:44:22 2016 +0000
4	Commit: Patrick Lauer <patrick <AT> gentoo <DOT> org>
5	CommitDate: Tue Jun 28 09:44:36 2016 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f246b7c4
7
8	net-analyzer/snort: Bump #587194
9
10	Package-Manager: portage-2.3.0
11
12	net-analyzer/snort/Manifest \| 1 +
13	net-analyzer/snort/snort-2.9.8.3.ebuild \| 250 ++++++++++++++++++++++++++++++++
14	2 files changed, 251 insertions(+)
15
16	diff --git a/net-analyzer/snort/Manifest b/net-analyzer/snort/Manifest
17	index e054f55..dd94970 100644
18	--- a/net-analyzer/snort/Manifest
19	+++ b/net-analyzer/snort/Manifest
20	@@ -5,3 +5,4 @@ DIST snort-2.9.7.3.tar.gz 6300073 SHA256 8cc3613b888fc54947a2beec773c76d9a20368f
21	DIST snort-2.9.7.5.tar.gz 6312847 SHA256 ad03f11b5301b16642199a86aa90388eaa53f5003f83b0c5595745a490047be1 SHA512 fa1b299c72a44a8cb64361e8dab9fad5bfec36bbb05ebed2407002b2c5d97256d7d67599cb1f29406b5ee0916f2f85a173610d403cd34c57f74f7049c10eb038 WHIRLPOOL 6c7270d7edfc552f074fa2fb8ed067a12a48e4e159ceaa4be1f3c877996df5630aa42721aa637a846701072834e167445a67bbfa2deb93933048b1e4f70a8e1b
22	DIST snort-2.9.8.0.tar.gz 6323095 SHA256 bddd5d01d10d20c182836fa0199cd3549239b7a9d0fd5bbb10226feb8b42d231 SHA512 46e5f19be5eccad2d5b4d3d55ce42fe616cd5f605b7178ed98e86cc8f2f4cf0f796fad80033d81b71bea7da2abfb6d0b340815ee158190f9b974f671045bf002 WHIRLPOOL 1e15ec4e2e54bd878f654484d7617249f5e34bc5c87bd0022ee923e0bab15e1733841ad234817d5209c0063c76d3e4e3db2343130eb77450260945324862ba12
23	DIST snort-2.9.8.2.tar.gz 6311793 SHA256 4075012d350dfa47a0200b7a920323f15cb7c370790f2a47367c03aba4009333 SHA512 60f660b2093ae88211dcef9256edf35441c0ffc61ec8240b6d25e947b55b0fdb23482913246e2288a8a533dbaff4e5ea2d8f51298ab9aa67baa1ab74d1c4f7a4 WHIRLPOOL 1b12bb4c65d98d5dc0bb37f1bc329d23238b95afcbf911ed7040da4de5116f3b0dd907539f6a6a418820d399cbe7830ea05dd894cfa83a71656ae7b0325d1f92
24	+DIST snort-2.9.8.3.tar.gz 6244304 SHA256 856d02ccec49fa30c920a1e416c47c0d62dd224340a614959ba5c03239100e6a SHA512 2f3dfe46e14a5106a02ca60b2d334549f4924ff916de0804b2b7792cdd31e104fbb454b4b932855b5f25a861698db0f8988844782b12b0e5fa132d88d4a7a687 WHIRLPOOL 3b3ab085b57522e72b7a32264107e791feec007280a76fe0c171f86c70b8d56d295ec59d150729bf08da57bf15058b2bf6e59e94f013c7a2af05cc8f79d4a38a
25
26	diff --git a/net-analyzer/snort/snort-2.9.8.3.ebuild b/net-analyzer/snort/snort-2.9.8.3.ebuild
27	new file mode 100644
28	index 0000000..9944e7e
29	--- /dev/null
30	+++ b/net-analyzer/snort/snort-2.9.8.3.ebuild
31	@@ -0,0 +1,250 @@
32	+# Copyright 1999-2016 Gentoo Foundation
33	+# Distributed under the terms of the GNU General Public License v2
34	+# $Id$
35	+
36	+EAPI="5"
37	+inherit autotools multilib user
38	+
39	+DESCRIPTION="The de facto standard for intrusion detection/prevention"
40	+HOMEPAGE="http://www.snort.org/"
41	+SRC_URI="https://www.snort.org/downloads/${PN}/${P}.tar.gz"
42	+LICENSE="GPL-2"
43	+SLOT="0"
44	+KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"
45	+IUSE="static +gre +mpls +targetbased +ppm +perfprofiling
46	++non-ether-decoders control-socket file-inspect high-availability
47	+shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen
48	++threads debug +active-response +normalizer reload-error-restart
49	++react +flexresp3 large-pcap-64bit selinux"
50	+
51	+DEPEND=">=net-libs/libpcap-1.3.0
52	+ >=net-libs/daq-2.0.2
53	+ >=dev-libs/libpcre-8.33
54	+ dev-libs/libdnet
55	+ sys-libs/zlib"
56	+
57	+RDEPEND="${DEPEND}
58	+ selinux? ( sec-policy/selinux-snort )"
59	+
60	+REQUIRED_USE="!kernel_linux? ( !shared-rep )"
61	+
62	+pkg_setup() {
63	+
64	+ # pre_inst() is a better place to put this
65	+ # but we need it here for the 'fowners' statements in src_install()
66	+ enewgroup snort
67	+ enewuser snort -1 -1 /dev/null snort
68	+
69	+}
70	+
71	+src_prepare() {
72	+
73	+ # Multilib fix for the sf_engine
74	+ ebegin "Applying multilib fix"
75	+ sed -i -e 's\|${exec_prefix}/lib\|${exec_prefix}/'$(get_libdir)'\|g' \
76	+ "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
77	+ \|\| die "sed for sf_engine failed"
78	+
79	+ # Multilib fix for the curent set of dynamic-preprocessors
80	+ for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do
81	+ sed -i -e 's\|${exec_prefix}/lib\|${exec_prefix}/'$(get_libdir)'\|g' \
82	+ "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
83	+ \|\| die "sed for $i failed."
84	+ done
85	+ eend
86	+
87	+ AT_M4DIR=m4 eautoreconf
88	+}
89	+
90	+src_configure() {
91	+
92	+ econf \
93	+ $(use_enable !static shared) \
94	+ $(use_enable static) \
95	+ $(use_enable static so-with-static-lib) \
96	+ $(use_enable gre) \
97	+ $(use_enable mpls) \
98	+ $(use_enable targetbased) \
99	+ $(use_enable control-socket) \
100	+ $(use_enable file-inspect) \
101	+ $(use_enable high-availability ha) \
102	+ $(use_enable non-ether-decoders) \
103	+ $(use_enable shared-rep) \
104	+ $(use_enable side-channel) \
105	+ $(use_enable sourcefire) \
106	+ $(use_enable ppm) \
107	+ $(use_enable perfprofiling) \
108	+ $(use_enable linux-smp-stats) \
109	+ $(use_enable inline-init-failopen) \
110	+ $(use_enable threads pthread) \
111	+ $(use_enable debug) \
112	+ $(use_enable debug debug-msgs) \
113	+ $(use_enable debug corefiles) \
114	+ $(use_enable !debug dlclose) \
115	+ $(use_enable active-response) \
116	+ $(use_enable normalizer) \
117	+ $(use_enable reload-error-restart) \
118	+ $(use_enable react) \
119	+ $(use_enable flexresp3) \
120	+ $(use_enable large-pcap-64bit large-pcap) \
121	+ --enable-reload \
122	+ --disable-build-dynamic-examples \
123	+ --disable-profile \
124	+ --disable-ppm-test \
125	+ --disable-intel-soft-cpm \
126	+ --disable-static-daq
127	+}
128	+
129	+src_install() {
130	+
131	+ emake DESTDIR="${D}" install
132	+
133	+ dodir /var/log/snort \
134	+ /var/run/snort \
135	+ /etc/snort/rules \
136	+ /etc/snort/so_rules \
137	+ /usr/$(get_libdir)/snort_dynamicrules
138	+
139	+ # config.log and build.log are needed by Sourcefire
140	+ # to trouble shoot build problems and bug reports so we are
141	+ # perserving them incase the user needs upstream support.
142	+ dodoc RELEASE.NOTES ChangeLog \
143	+ doc/* \
144	+ tools/u2boat/README.u2boat
145	+
146	+ insinto /etc/snort
147	+ doins etc/attribute_table.dtd \
148	+ etc/classification.config \
149	+ etc/gen-msg.map \
150	+ etc/reference.config \
151	+ etc/threshold.conf \
152	+ etc/unicode.map
153	+
154	+ # We use snort.conf.distrib because the config file is complicated
155	+ # and the one shipped with snort can change drastically between versions.
156	+ # Users should migrate setting by hand and not with etc-update.
157	+ newins etc/snort.conf snort.conf.distrib
158	+
159	+ # config.log and build.log are needed by Sourcefire
160	+ # to troubleshoot build problems and bug reports so we are
161	+ # preserving them incase the user needs upstream support.
162	+ if [ -f "${WORKDIR}/${PF}/config.log" ]; then
163	+ dodoc "${WORKDIR}/${PF}/config.log"
164	+ fi
165	+ if [ -f "${T}/build.log" ]; then
166	+ dodoc "${T}/build.log"
167	+ fi
168	+
169	+ insinto /etc/snort/preproc_rules
170	+ doins preproc_rules/decoder.rules \
171	+ preproc_rules/preprocessor.rules \
172	+ preproc_rules/sensitive-data.rules
173	+
174	+ fowners -R snort:snort \
175	+ /var/log/snort \
176	+ /var/run/snort \
177	+ /etc/snort
178	+
179	+ newinitd "${FILESDIR}/snort.rc12" snort
180	+ newconfd "${FILESDIR}/snort.confd.2" snort
181	+
182	+ # Sourcefire uses Makefiles to install docs causing Bug #297190.
183	+ # This removes the unwanted doc directory and rogue Makefiles.
184	+ rm -rf "${D}"usr/share/doc/snort \|\| die "Failed to remove SF doc directories"
185	+ rm "${D}"usr/share/doc/"${PF}"/Makefile* \|\| die "Failed to remove doc make files"
186	+
187	+ # Remove unneeded .la files (Bug #382863)
188	+ rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la \|\| die
189	+ rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la \|\| die "Failed to remove libsf_?_preproc.la"
190	+
191	+ # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
192	+ sed -i -e 's\|/usr/local/lib\|/usr/'$(get_libdir)'\|g' \
193	+ "${D}etc/snort/snort.conf.distrib" \|\| die
194	+
195	+ # Set the correct rule location in the config
196	+ sed -i -e 's\|RULE_PATH ../rules\|RULE_PATH /etc/snort/rules\|g' \
197	+ "${D}etc/snort/snort.conf.distrib" \|\| die
198	+
199	+ # Set the correct preprocessor/decoder rule location in the config
200	+ sed -i -e 's\|PREPROC_RULE_PATH ../preproc_rules\|PREPROC_RULE_PATH /etc/snort/preproc_rules\|g' \
201	+ "${D}etc/snort/snort.conf.distrib" \|\| die
202	+
203	+ # Enable the preprocessor/decoder rules
204	+ sed -i -e 's\|^# include $PREPROC_RULE_PATH\|include $PREPROC_RULE_PATH\|g' \
205	+ "${D}etc/snort/snort.conf.distrib" \|\| die
206	+
207	+ sed -i -e 's\|^# dynamicdetection directory\|dynamicdetection directory\|g' \
208	+ "${D}etc/snort/snort.conf.distrib" \|\| die
209	+
210	+ # Just some clean up of trailing /'s in the config
211	+ sed -i -e 's\|snort_dynamicpreprocessor/$\|snort_dynamicpreprocessor\|g' \
212	+ "${D}etc/snort/snort.conf.distrib" \|\| die
213	+
214	+ # Make it clear in the config where these are...
215	+ sed -i -e 's\|^include classification.config\|include /etc/snort/classification.config\|g' \
216	+ "${D}etc/snort/snort.conf.distrib" \|\| die
217	+
218	+ sed -i -e 's\|^include reference.config\|include /etc/snort/reference.config\|g' \
219	+ "${D}etc/snort/snort.conf.distrib" \|\| die
220	+
221	+ # Disable all rule files by default.
222	+ sed -i -e 's\|^include $RULE_PATH\|# include $RULE_PATH\|g' \
223	+ "${D}etc/snort/snort.conf.distrib" \|\| die
224	+
225	+ # Disable normalizer preprocessor config if normalizer USE flag not set.
226	+ if ! use normalizer; then
227	+ sed -i -e 's\|^preprocessor normalize\|#preprocessor normalize\|g' \
228	+ "${D}etc/snort/snort.conf.distrib" \|\| die
229	+ fi
230	+
231	+ # Set the configured DAQ to afpacket
232	+ sed -i -e 's\|^# config daq: <type>\|config daq: afpacket\|g' \
233	+ "${D}etc/snort/snort.conf.distrib" \|\| die
234	+
235	+ # Set the location of the DAQ modules
236	+ sed -i -e 's\|^# config daq_dir: <dir>\|config daq_dir: /usr/'$(get_libdir)'/daq\|g' \
237	+ "${D}etc/snort/snort.conf.distrib" \|\| die
238	+
239	+ # Set the DAQ mode to passive
240	+ sed -i -e 's\|^# config daq_mode: <mode>\|config daq_mode: passive\|g' \
241	+ "${D}etc/snort/snort.conf.distrib" \|\| die
242	+
243	+ # Set snort to run as snort:snort
244	+ sed -i -e 's\|^# config set_gid:\|config set_gid: snort\|g' \
245	+ "${D}etc/snort/snort.conf.distrib" \|\| die
246	+ sed -i -e 's\|^# config set_uid:\|config set_uid: snort\|g' \
247	+ "${D}etc/snort/snort.conf.distrib" \|\| die
248	+
249	+ # Set the default log dir
250	+ sed -i -e 's\|^# config logdir:\|config logdir: /var/log/snort/\|g' \
251	+ "${D}etc/snort/snort.conf.distrib" \|\| die
252	+
253	+ # Set the correct so_rule location in the config
254	+ sed -i -e 's\|SO_RULE_PATH ../so_rules\|SO_RULE_PATH /etc/snort/so_rules\|g' \
255	+ "${D}etc/snort/snort.conf.distrib" \|\| die
256	+}
257	+
258	+pkg_postinst() {
259	+
260	+ einfo "There have been a number of improvements and new features"
261	+ einfo "added to ${P}. Please review the RELEASE.NOTES and"
262	+ einfo "ChangLog located in /usr/share/doc/${PF}."
263	+ einfo
264	+ elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
265	+ elog "users migrate their snort.conf customizations to the latest config"
266	+ elog "file released by the VRT. You can find the latest version of the"
267	+ elog "Snort config file in /etc/snort/snort.conf.distrib."
268	+ elog
269	+ elog "!! It is important that you migrate to this new snort.conf file !!"
270	+ elog
271	+ elog "This version of the ebuild includes an updated init.d file and"
272	+ elog "conf.d file that rely on options found in the latest Snort"
273	+ elog "config file provided by the VRT."
274	+
275	+ if use debug; then
276	+ elog "You have the 'debug' USE flag enabled. If this has been done to"
277	+ elog "troubleshoot an issue by producing a core dump or a back trace,"
278	+ elog "then you need to also ensure the FEATURES variable in make.conf"
279	+ elog "contains the 'nostrip' option."
280	+ fi
281	+}

Gentoo Archives: gentoo-commits