/[gentoo-x86]/net-analyzer/snort/snort-2.9.6.2.ebuild
Gentoo

Contents of /net-analyzer/snort/snort-2.9.6.2.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1 - (show annotations) (download)
Mon Aug 25 02:49:16 2014 UTC (4 years, 3 months ago) by patrick
Branch: MAIN
CVS Tags: HEAD
Bump

(Portage version: 2.2.12/cvs/Linux x86_64, unsigned Manifest commit)

1 # Copyright 1999-2014 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.6.1.ebuild,v 1.1 2014/07/09 08:12:43 patrick Exp $
4
5 EAPI="5"
6 inherit autotools multilib user
7
8 DESCRIPTION="The de facto standard for intrusion detection/prevention"
9 HOMEPAGE="http://www.snort.org/"
10 SRC_URI="https://www.snort.org/downloads/${PN}/${P}.tar.gz"
11 LICENSE="GPL-2"
12 SLOT="0"
13 KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"
14 IUSE="static +zlib +gre +mpls +targetbased +ppm +perfprofiling
15 +non-ether-decoders control-socket file-inspect high-availability
16 shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen
17 +threads debug +active-response +normalizer reload-error-restart
18 +react +flexresp3 large-pcap-64bit selinux"
19
20 DEPEND=">=net-libs/libpcap-1.3.0
21 >=net-libs/daq-2.0.2
22 >=dev-libs/libpcre-8.33
23 dev-libs/libdnet
24 zlib? ( sys-libs/zlib )"
25
26 RDEPEND="${DEPEND}
27 selinux? ( sec-policy/selinux-snort )"
28
29 REQUIRED_USE="!kernel_linux? ( !shared-rep )"
30
31 pkg_setup() {
32
33 # pre_inst() is a better place to put this
34 # but we need it here for the 'fowners' statements in src_install()
35 enewgroup snort
36 enewuser snort -1 -1 /dev/null snort
37
38 }
39
40 src_prepare() {
41
42 # Multilib fix for the sf_engine
43 ebegin "Applying multilib fix"
44 sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
45 "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
46 || die "sed for sf_engine failed"
47
48 # Multilib fix for the curent set of dynamic-preprocessors
49 for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do
50 sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
51 "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
52 || die "sed for $i failed."
53 done
54 eend
55
56 AT_M4DIR=m4 eautoreconf
57 }
58
59 src_configure() {
60
61 econf \
62 $(use_enable !static shared) \
63 $(use_enable static) \
64 $(use_enable static so-with-static-lib) \
65 $(use_enable zlib) \
66 $(use_enable gre) \
67 $(use_enable mpls) \
68 $(use_enable targetbased) \
69 $(use_enable control-socket) \
70 $(use_enable file-inspect) \
71 $(use_enable high-availability ha) \
72 $(use_enable non-ether-decoders) \
73 $(use_enable shared-rep) \
74 $(use_enable side-channel) \
75 $(use_enable sourcefire) \
76 $(use_enable ppm) \
77 $(use_enable perfprofiling) \
78 $(use_enable linux-smp-stats) \
79 $(use_enable inline-init-failopen) \
80 $(use_enable threads pthread) \
81 $(use_enable debug) \
82 $(use_enable debug debug-msgs) \
83 $(use_enable debug corefiles) \
84 $(use_enable !debug dlclose) \
85 $(use_enable active-response) \
86 $(use_enable normalizer) \
87 $(use_enable reload-error-restart) \
88 $(use_enable react) \
89 $(use_enable flexresp3) \
90 $(use_enable large-pcap-64bit large-pcap) \
91 --enable-reload \
92 --disable-build-dynamic-examples \
93 --disable-profile \
94 --disable-ppm-test \
95 --disable-intel-soft-cpm \
96 --disable-static-daq \
97 --disable-rzb-saac
98 }
99
100 src_install() {
101
102 emake DESTDIR="${D}" install
103
104 dodir /var/log/snort \
105 /var/run/snort \
106 /etc/snort/rules \
107 /etc/snort/so_rules \
108 /usr/$(get_libdir)/snort_dynamicrules
109
110 # config.log and build.log are needed by Sourcefire
111 # to trouble shoot build problems and bug reports so we are
112 # perserving them incase the user needs upstream support.
113 dodoc RELEASE.NOTES ChangeLog \
114 doc/* \
115 tools/u2boat/README.u2boat
116
117 insinto /etc/snort
118 doins etc/attribute_table.dtd \
119 etc/classification.config \
120 etc/gen-msg.map \
121 etc/reference.config \
122 etc/threshold.conf \
123 etc/unicode.map
124
125 # We use snort.conf.distrib because the config file is complicated
126 # and the one shipped with snort can change drastically between versions.
127 # Users should migrate setting by hand and not with etc-update.
128 newins etc/snort.conf snort.conf.distrib
129
130 # config.log and build.log are needed by Sourcefire
131 # to troubleshoot build problems and bug reports so we are
132 # preserving them incase the user needs upstream support.
133 if [ -f "${WORKDIR}/${PF}/config.log" ]; then
134 dodoc "${WORKDIR}/${PF}/config.log"
135 fi
136 if [ -f "${T}/build.log" ]; then
137 dodoc "${T}/build.log"
138 fi
139
140 insinto /etc/snort/preproc_rules
141 doins preproc_rules/decoder.rules \
142 preproc_rules/preprocessor.rules \
143 preproc_rules/sensitive-data.rules
144
145 fowners -R snort:snort \
146 /var/log/snort \
147 /var/run/snort \
148 /etc/snort
149
150 newinitd "${FILESDIR}/snort.rc12" snort
151 newconfd "${FILESDIR}/snort.confd.2" snort
152
153 # Sourcefire uses Makefiles to install docs causing Bug #297190.
154 # This removes the unwanted doc directory and rogue Makefiles.
155 rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"
156 rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
157
158 # Remove unneeded .la files (Bug #382863)
159 rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
160 rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
161
162 # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
163 sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
164 "${D}etc/snort/snort.conf.distrib" || die
165
166 # Set the correct rule location in the config
167 sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
168 "${D}etc/snort/snort.conf.distrib" || die
169
170 # Set the correct preprocessor/decoder rule location in the config
171 sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
172 "${D}etc/snort/snort.conf.distrib" || die
173
174 # Enable the preprocessor/decoder rules
175 sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
176 "${D}etc/snort/snort.conf.distrib" || die
177
178 sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
179 "${D}etc/snort/snort.conf.distrib" || die
180
181 # Just some clean up of trailing /'s in the config
182 sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
183 "${D}etc/snort/snort.conf.distrib" || die
184
185 # Make it clear in the config where these are...
186 sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
187 "${D}etc/snort/snort.conf.distrib" || die
188
189 sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
190 "${D}etc/snort/snort.conf.distrib" || die
191
192 # Disable all rule files by default.
193 sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
194 "${D}etc/snort/snort.conf.distrib" || die
195
196 # Disable normalizer preprocessor config if normalizer USE flag not set.
197 if ! use normalizer; then
198 sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \
199 "${D}etc/snort/snort.conf.distrib" || die
200 fi
201
202 # Set the configured DAQ to afpacket
203 sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \
204 "${D}etc/snort/snort.conf.distrib" || die
205
206 # Set the location of the DAQ modules
207 sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \
208 "${D}etc/snort/snort.conf.distrib" || die
209
210 # Set the DAQ mode to passive
211 sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \
212 "${D}etc/snort/snort.conf.distrib" || die
213
214 # Set snort to run as snort:snort
215 sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
216 "${D}etc/snort/snort.conf.distrib" || die
217 sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
218 "${D}etc/snort/snort.conf.distrib" || die
219
220 # Set the default log dir
221 sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
222 "${D}etc/snort/snort.conf.distrib" || die
223
224 # Set the correct so_rule location in the config
225 sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
226 "${D}etc/snort/snort.conf.distrib" || die
227 }
228
229 pkg_postinst() {
230
231 einfo "There have been a number of improvements and new features"
232 einfo "added to ${P}. Please review the RELEASE.NOTES and"
233 einfo "ChangLog located in /usr/share/doc/${PF}."
234 einfo
235 elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
236 elog "users migrate their snort.conf customizations to the latest config"
237 elog "file released by the VRT. You can find the latest version of the"
238 elog "Snort config file in /etc/snort/snort.conf.distrib."
239 elog
240 elog "!! It is important that you migrate to this new snort.conf file !!"
241 elog
242 elog "This version of the ebuild includes an updated init.d file and"
243 elog "conf.d file that rely on options found in the latest Snort"
244 elog "config file provided by the VRT."
245
246 if use debug; then
247 elog "You have the 'debug' USE flag enabled. If this has been done to"
248 elog "troubleshoot an issue by producing a core dump or a back trace,"
249 elog "then you need to also ensure the FEATURES variable in make.conf"
250 elog "contains the 'nostrip' option."
251 fi
252 }

  ViewVC Help
Powered by ViewVC 1.1.20