From 3e03fe9984fd21d560fb0d805236201740e9effd Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Wed, 19 Jun 2019 13:50:03 +0800 Subject: snort: upgrade 2.9.11.1 -> 2.9.13 * Add PACKAGECONFIG[appid] for application identification support. * Set the variables 'have_daq_packet_trace' and 'have_daq_verdict_reason' to 'no' since they are only supported in daq 2.2.2 but not in 2.0.6. * Cleanup snort.init script and fix the incorrect argument of mkdir Signed-off-by: Yi Zhao Signed-off-by: Khem Raj --- ...le-run-test-program-while-cross-compiling.patch | 4 +- .../recipes-connectivity/snort/snort/snort.init | 53 +++++------ .../recipes-connectivity/snort/snort_2.9.11.1.bb | 103 -------------------- .../recipes-connectivity/snort/snort_2.9.13.bb | 104 +++++++++++++++++++++ 4 files changed, 133 insertions(+), 131 deletions(-) delete mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.11.1.bb create mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.13.bb diff --git a/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch b/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch index 037962fb6b..30ec174395 100644 --- a/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch +++ b/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch @@ -226,7 +226,7 @@ index 4b3a5db..a6c5498 100644 -]])], -[have_daq_packet_trace="yes"], -[have_daq_packet_trace="no"]) -+have_daq_packet_trace="yes" ++have_daq_packet_trace="no" AC_MSG_RESULT($have_daq_packet_trace) if test "x$have_daq_packet_trace" = "xyes"; then AC_DEFINE([HAVE_DAQ_PKT_TRACE],[1], @@ -245,7 +245,7 @@ index 4b3a5db..a6c5498 100644 -]])], -[have_daq_verdict_reason="yes"], -[have_daq_verdict_reason="no"]) -+have_daq_verdict_reason="yes" ++have_daq_verdict_reason="no" AC_MSG_RESULT($have_daq_verdict_reason) if test "x$have_daq_verdict_reason" = "xyes"; then AC_DEFINE([HAVE_DAQ_VERDICT_REASON],[1], diff --git a/meta-networking/recipes-connectivity/snort/snort/snort.init b/meta-networking/recipes-connectivity/snort/snort/snort.init index d8a00c43fc..0d90c9af03 100644 --- a/meta-networking/recipes-connectivity/snort/snort/snort.init +++ b/meta-networking/recipes-connectivity/snort/snort/snort.init @@ -1,6 +1,6 @@ #!/bin/sh # -# Snort Startup Script modified for OpenEmbedded +# Snort Startup Script modified for OpenEmbedded # # Script variables @@ -30,16 +30,16 @@ fi start() { - [ -n "$LAN_INTERFACE" ] || return 0 # Check if log diratory is present. Otherwise, create it. if [ ! -d $LOGDIR/$DATE ]; then - mkdir -d $LOGDIR/$DATE + mkdir -p $LOGDIR/$DATE /bin/chown -R $USER:$USER $LOGDIR/$DATE - /bin/chmod -R 700 $LOGDIR/$DATE + /bin/chmod -R 700 $LOGDIR/$DATE fi /bin/echo "Starting $PROG: " + # Snort parameters # -D Run Snort in background (daemon) mode # -i Listen on interface @@ -64,7 +64,7 @@ stop() RETURN_VAL=$? /bin/echo "$PROG shutdown complete." [ -e $DEL_PID ] && rm -f $DEL_PID - [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck + [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck else /bin/echo "ERROR: PID in $PID file not found." RETURN_VAL=1 @@ -72,12 +72,13 @@ stop() return $RETURN_VAL } -status() { - if [ -s $PID ]; then - echo "$PROG is running as pid `cat $PID`:" - else - echo "$PROG is not running." - fi +status() +{ + if [ -s $PID ]; then + echo "$PROG is running as pid `cat $PID`:" + else + echo "$PROG is not running." + fi } restart() @@ -89,21 +90,21 @@ restart() } case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status - ;; - restart|reload) - restart - ;; - *) - /bin/echo "Usage: $0 {start|stop|status|restart|reload}" - RETURN_VAL=1 + start) + start + ;; + stop) + stop + ;; + status) + status + ;; + restart|reload) + restart + ;; + *) + /bin/echo "Usage: $0 {start|stop|status|restart|reload}" + RETURN_VAL=1 esac exit $RETURN_VAL diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.11.1.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.11.1.bb deleted file mode 100644 index c2eb95fe73..0000000000 --- a/meta-networking/recipes-connectivity/snort/snort_2.9.11.1.bb +++ /dev/null @@ -1,103 +0,0 @@ -DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." -HOMEPAGE = "http://www.snort.org/" -SECTION = "net" -LICENSE = "GPL-2.0" -LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" - -DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native libtirpc bison-native" - -SRC_URI = "https://www.snort.org/downloads/archive/snort/${BP}.tar.gz \ - file://snort.init \ - file://0001-libpcap-search-sysroot-for-headers.patch \ - file://fix-host-contamination-when-enable-static-daq.patch \ - file://disable-run-test-program-while-cross-compiling.patch \ -" - -SRC_URI[md5sum] = "378e3938b2b5c8e358f942d0ffce18cc" -SRC_URI[sha256sum] = "9f6b3aeac5a109f55504bd370564ac431cb1773507929dc461626898f33f46cd" - -UPSTREAM_CHECK_URI = "https://www.snort.org/downloads" -UPSTREAM_CHECK_REGEX = "snort-(?P\d+(\.\d+)+)\.tar" - -inherit autotools gettext update-rc.d pkgconfig - -INITSCRIPT_NAME = "snort" -INITSCRIPT_PARAMS = "defaults" - -EXTRA_OECONF = " \ - --enable-gre \ - --enable-linux-smp-stats \ - --enable-reload \ - --enable-reload-error-restart \ - --enable-targetbased \ - --enable-static-daq \ - --with-dnet-includes=${STAGING_INCDIR} \ - --with-dnet-libraries=${STAGING_LIBDIR} \ - --with-libpcre-includes=${STAGING_INCDIR} \ - --with-libpcre-libraries=${STAGING_LIBDIR} \ - --with-daq-includes=${STAGING_INCDIR} \ - --with-daq-libraries=${STAGING_LIBDIR} \ -" - -# if you want to disable it, you need to patch configure.in first -# AC_CHECK_HEADERS([openssl/sha.h],, SHA_H="no") -# is called even with --without-openssl-includes -PACKAGECONFIG ?= "openssl lzma" -PACKAGECONFIG[openssl] = "--with-openssl-includes=${STAGING_INCDIR} --with-openssl-libraries=${STAGING_LIBDIR}, --without-openssl-includes --without-openssl-libraries, openssl," -PACKAGECONFIG[lzma] = "--with-lzma-includes=${STAGING_INCDIR} --with-lzma-libraries=${STAGING_LIBDIR}, --without-lzma-includes --without-lzma-libraries, xz," - -CFLAGS += "-I${STAGING_INCDIR}/tirpc" -LDFLAGS += " -ltirpc" - -do_install_append() { - install -d ${D}${sysconfdir}/snort/rules - install -d ${D}${sysconfdir}/snort/preproc_rules - install -d ${D}${sysconfdir}/init.d - for i in map config conf dtd; do - cp ${S}/etc/*.$i ${D}${sysconfdir}/snort/ - done - - # fix the hardcoded path and lib name - # comment out the rules that are not provided - sed -i -e 's#/usr/local/lib#${libdir}#' \ - -e 's#\.\./\(.*rules\)#${sysconfdir}/snort/\1#' \ - -e 's#\(libsf_engine.so\)#\1.0#' \ - -e 's/^\(include $RULE_PATH\)/#\1/' \ - -e 's/^\(dynamicdetection\)/#\1/' \ - -e '/preprocessor reputation/,/blacklist/ s/^/#/' \ - ${D}${sysconfdir}/snort/snort.conf - - cp ${S}/preproc_rules/*.rules ${D}${sysconfdir}/snort/preproc_rules/ - install -m 755 ${WORKDIR}/snort.init ${D}${sysconfdir}/init.d/snort - mkdir -p ${D}${localstatedir}/log/snort - install -d ${D}/var/log/snort - - sed -i -e 's|-fdebug-prefix-map[^ ]*||g; s|-fmacro-prefix-map[^ ]*||g; s|${STAGING_DIR_TARGET}||g' ${D}${libdir}/pkgconfig/*.pc -} - -FILES_${PN} += " \ - ${libdir}/snort_dynamicengine/*.so.* \ - ${libdir}/snort_dynamicpreprocessor/*.so.* \ - ${libdir}/snort_dynamicrules/*.so.* \ -" -FILES_${PN}-dbg += " \ - ${libdir}/snort_dynamicengine/.debug \ - ${libdir}/snort_dynamicpreprocessor/.debug \ - ${libdir}/snort_dynamicrules/.debug \ -" -FILES_${PN}-staticdev += " \ - ${libdir}/snort_dynamicengine/*.a \ - ${libdir}/snort_dynamicpreprocessor/*.a \ - ${libdir}/snort_dynamicrules/*.a \ - ${libdir}/snort/dynamic_preproc/*.a \ - ${libdir}/snort/dynamic_output/*.a \ -" -FILES_${PN}-dev += " \ - ${libdir}/snort_dynamicengine/*.la \ - ${libdir}/snort_dynamicpreprocessor/*.la \ - ${libdir}/snort_dynamicrules/*.la \ - ${libdir}/snort_dynamicengine/*.so \ - ${libdir}/snort_dynamicpreprocessor/*.so \ - ${libdir}/snort_dynamicrules/*.so \ - ${prefix}/src/snort_dynamicsrc \ -" diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.13.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.13.bb new file mode 100644 index 0000000000..1b10dbde1d --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.13.bb @@ -0,0 +1,104 @@ +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." +HOMEPAGE = "http://www.snort.org/" +SECTION = "net" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" + +DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native libtirpc bison-native" + +SRC_URI = "https://www.snort.org/downloads/archive/snort/${BP}.tar.gz \ + file://snort.init \ + file://0001-libpcap-search-sysroot-for-headers.patch \ + file://fix-host-contamination-when-enable-static-daq.patch \ + file://disable-run-test-program-while-cross-compiling.patch \ +" + +SRC_URI[md5sum] = "b61ae846af022018b05511076baad60c" +SRC_URI[sha256sum] = "31447393d15286b848810dd78ab2cb3ad231fcd1f1663f959587690eeea75413" + +UPSTREAM_CHECK_URI = "https://www.snort.org/downloads" +UPSTREAM_CHECK_REGEX = "snort-(?P\d+(\.\d+)+)\.tar" + +inherit autotools gettext update-rc.d pkgconfig + +INITSCRIPT_NAME = "snort" +INITSCRIPT_PARAMS = "defaults" + +EXTRA_OECONF = " \ + --enable-gre \ + --enable-linux-smp-stats \ + --enable-reload \ + --enable-reload-error-restart \ + --enable-targetbased \ + --enable-static-daq \ + --with-dnet-includes=${STAGING_INCDIR} \ + --with-dnet-libraries=${STAGING_LIBDIR} \ + --with-libpcre-includes=${STAGING_INCDIR} \ + --with-libpcre-libraries=${STAGING_LIBDIR} \ + --with-daq-includes=${STAGING_INCDIR} \ + --with-daq-libraries=${STAGING_LIBDIR} \ +" + +# if you want to disable it, you need to patch configure.in first +# AC_CHECK_HEADERS([openssl/sha.h],, SHA_H="no") +# is called even with --without-openssl-includes +PACKAGECONFIG ?= "openssl lzma" +PACKAGECONFIG[openssl] = "--with-openssl-includes=${STAGING_INCDIR} --with-openssl-libraries=${STAGING_LIBDIR}, --without-openssl-includes --without-openssl-libraries, openssl," +PACKAGECONFIG[lzma] = "--with-lzma-includes=${STAGING_INCDIR} --with-lzma-libraries=${STAGING_LIBDIR}, --without-lzma-includes --without-lzma-libraries, xz," +PACKAGECONFIG[appid] = "--enable-open-appid, --disable-open-appid, luajit, bash" + +CFLAGS += "-I${STAGING_INCDIR}/tirpc" +LDFLAGS += " -ltirpc" + +do_install_append() { + install -d ${D}${sysconfdir}/snort/rules + install -d ${D}${sysconfdir}/snort/preproc_rules + install -d ${D}${sysconfdir}/init.d + for i in map config conf dtd; do + cp ${S}/etc/*.$i ${D}${sysconfdir}/snort/ + done + + # fix the hardcoded path and lib name + # comment out the rules that are not provided + sed -i -e 's#/usr/local/lib#${libdir}#' \ + -e 's#\.\./\(.*rules\)#${sysconfdir}/snort/\1#' \ + -e 's#\(libsf_engine.so\)#\1.0#' \ + -e 's/^\(include $RULE_PATH\)/#\1/' \ + -e 's/^\(dynamicdetection\)/#\1/' \ + -e '/preprocessor reputation/,/blacklist/ s/^/#/' \ + ${D}${sysconfdir}/snort/snort.conf + + cp ${S}/preproc_rules/*.rules ${D}${sysconfdir}/snort/preproc_rules/ + install -m 755 ${WORKDIR}/snort.init ${D}${sysconfdir}/init.d/snort + mkdir -p ${D}${localstatedir}/log/snort + install -d ${D}/var/log/snort + + sed -i -e 's|-fdebug-prefix-map[^ ]*||g; s|-fmacro-prefix-map[^ ]*||g; s|${STAGING_DIR_TARGET}||g' ${D}${libdir}/pkgconfig/*.pc +} + +FILES_${PN} += " \ + ${libdir}/snort_dynamicengine/*.so.* \ + ${libdir}/snort_dynamicpreprocessor/*.so.* \ + ${libdir}/snort_dynamicrules/*.so.* \ +" +FILES_${PN}-dbg += " \ + ${libdir}/snort_dynamicengine/.debug \ + ${libdir}/snort_dynamicpreprocessor/.debug \ + ${libdir}/snort_dynamicrules/.debug \ +" +FILES_${PN}-staticdev += " \ + ${libdir}/snort_dynamicengine/*.a \ + ${libdir}/snort_dynamicpreprocessor/*.a \ + ${libdir}/snort_dynamicrules/*.a \ + ${libdir}/snort/dynamic_preproc/*.a \ + ${libdir}/snort/dynamic_output/*.a \ +" +FILES_${PN}-dev += " \ + ${libdir}/snort_dynamicengine/*.la \ + ${libdir}/snort_dynamicpreprocessor/*.la \ + ${libdir}/snort_dynamicrules/*.la \ + ${libdir}/snort_dynamicengine/*.so \ + ${libdir}/snort_dynamicpreprocessor/*.so \ + ${libdir}/snort_dynamicrules/*.so \ + ${prefix}/src/snort_dynamicsrc \ +" -- cgit 1.2.3-korg