/[gentoo-x86]/net-analyzer/snort/snort-2.9.7.3.ebuild
Gentoo

Contents of /net-analyzer/snort/snort-2.9.7.3.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.1 - (show annotations) (download)
Tue May 26 04:05:44 2015 UTC (3 years, 4 months ago) by patrick
Branch: MAIN
CVS Tags: HEAD
Bump

(Portage version: 2.2.20/cvs/Linux x86_64, unsigned Manifest commit)

1 # Copyright 1999-2015 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.7.2.ebuild,v 1.1 2015/03/16 03:15:21 patrick Exp $
4
5 EAPI="5"
6 inherit autotools multilib user
7
8 DESCRIPTION="The de facto standard for intrusion detection/prevention"
9 HOMEPAGE="http://www.snort.org/"
10 SRC_URI="https://www.snort.org/downloads/${PN}/${P}.tar.gz"
11 LICENSE="GPL-2"
12 SLOT="0"
13 KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~sparc ~x86"
14 IUSE="static +gre +mpls +targetbased +ppm +perfprofiling
15 +non-ether-decoders control-socket file-inspect high-availability
16 shared-rep side-channel sourcefire linux-smp-stats inline-init-failopen
17 +threads debug +active-response +normalizer reload-error-restart
18 +react +flexresp3 large-pcap-64bit selinux"
19
20 DEPEND=">=net-libs/libpcap-1.3.0
21 >=net-libs/daq-2.0.2
22 >=dev-libs/libpcre-8.33
23 dev-libs/libdnet
24 sys-libs/zlib"
25
26 RDEPEND="${DEPEND}
27 selinux? ( sec-policy/selinux-snort )"
28
29 REQUIRED_USE="!kernel_linux? ( !shared-rep )"
30
31 pkg_setup() {
32
33 # pre_inst() is a better place to put this
34 # but we need it here for the 'fowners' statements in src_install()
35 enewgroup snort
36 enewuser snort -1 -1 /dev/null snort
37
38 }
39
40 src_prepare() {
41
42 # Multilib fix for the sf_engine
43 ebegin "Applying multilib fix"
44 sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
45 "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \
46 || die "sed for sf_engine failed"
47
48 # Multilib fix for the curent set of dynamic-preprocessors
49 for i in file ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop sip reputation gtp modbus dnp3; do
50 sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \
51 "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \
52 || die "sed for $i failed."
53 done
54 eend
55
56 AT_M4DIR=m4 eautoreconf
57 }
58
59 src_configure() {
60
61 econf \
62 $(use_enable !static shared) \
63 $(use_enable static) \
64 $(use_enable static so-with-static-lib) \
65 $(use_enable gre) \
66 $(use_enable mpls) \
67 $(use_enable targetbased) \
68 $(use_enable control-socket) \
69 $(use_enable file-inspect) \
70 $(use_enable high-availability ha) \
71 $(use_enable non-ether-decoders) \
72 $(use_enable shared-rep) \
73 $(use_enable side-channel) \
74 $(use_enable sourcefire) \
75 $(use_enable ppm) \
76 $(use_enable perfprofiling) \
77 $(use_enable linux-smp-stats) \
78 $(use_enable inline-init-failopen) \
79 $(use_enable threads pthread) \
80 $(use_enable debug) \
81 $(use_enable debug debug-msgs) \
82 $(use_enable debug corefiles) \
83 $(use_enable !debug dlclose) \
84 $(use_enable active-response) \
85 $(use_enable normalizer) \
86 $(use_enable reload-error-restart) \
87 $(use_enable react) \
88 $(use_enable flexresp3) \
89 $(use_enable large-pcap-64bit large-pcap) \
90 --enable-reload \
91 --disable-build-dynamic-examples \
92 --disable-profile \
93 --disable-ppm-test \
94 --disable-intel-soft-cpm \
95 --disable-static-daq
96 }
97
98 src_install() {
99
100 emake DESTDIR="${D}" install
101
102 dodir /var/log/snort \
103 /var/run/snort \
104 /etc/snort/rules \
105 /etc/snort/so_rules \
106 /usr/$(get_libdir)/snort_dynamicrules
107
108 # config.log and build.log are needed by Sourcefire
109 # to trouble shoot build problems and bug reports so we are
110 # perserving them incase the user needs upstream support.
111 dodoc RELEASE.NOTES ChangeLog \
112 doc/* \
113 tools/u2boat/README.u2boat
114
115 insinto /etc/snort
116 doins etc/attribute_table.dtd \
117 etc/classification.config \
118 etc/gen-msg.map \
119 etc/reference.config \
120 etc/threshold.conf \
121 etc/unicode.map
122
123 # We use snort.conf.distrib because the config file is complicated
124 # and the one shipped with snort can change drastically between versions.
125 # Users should migrate setting by hand and not with etc-update.
126 newins etc/snort.conf snort.conf.distrib
127
128 # config.log and build.log are needed by Sourcefire
129 # to troubleshoot build problems and bug reports so we are
130 # preserving them incase the user needs upstream support.
131 if [ -f "${WORKDIR}/${PF}/config.log" ]; then
132 dodoc "${WORKDIR}/${PF}/config.log"
133 fi
134 if [ -f "${T}/build.log" ]; then
135 dodoc "${T}/build.log"
136 fi
137
138 insinto /etc/snort/preproc_rules
139 doins preproc_rules/decoder.rules \
140 preproc_rules/preprocessor.rules \
141 preproc_rules/sensitive-data.rules
142
143 fowners -R snort:snort \
144 /var/log/snort \
145 /var/run/snort \
146 /etc/snort
147
148 newinitd "${FILESDIR}/snort.rc12" snort
149 newconfd "${FILESDIR}/snort.confd.2" snort
150
151 # Sourcefire uses Makefiles to install docs causing Bug #297190.
152 # This removes the unwanted doc directory and rogue Makefiles.
153 rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories"
154 rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files"
155
156 # Remove unneeded .la files (Bug #382863)
157 rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die
158 rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la"
159
160 # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection
161 sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \
162 "${D}etc/snort/snort.conf.distrib" || die
163
164 # Set the correct rule location in the config
165 sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \
166 "${D}etc/snort/snort.conf.distrib" || die
167
168 # Set the correct preprocessor/decoder rule location in the config
169 sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \
170 "${D}etc/snort/snort.conf.distrib" || die
171
172 # Enable the preprocessor/decoder rules
173 sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \
174 "${D}etc/snort/snort.conf.distrib" || die
175
176 sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \
177 "${D}etc/snort/snort.conf.distrib" || die
178
179 # Just some clean up of trailing /'s in the config
180 sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \
181 "${D}etc/snort/snort.conf.distrib" || die
182
183 # Make it clear in the config where these are...
184 sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \
185 "${D}etc/snort/snort.conf.distrib" || die
186
187 sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \
188 "${D}etc/snort/snort.conf.distrib" || die
189
190 # Disable all rule files by default.
191 sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \
192 "${D}etc/snort/snort.conf.distrib" || die
193
194 # Disable normalizer preprocessor config if normalizer USE flag not set.
195 if ! use normalizer; then
196 sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \
197 "${D}etc/snort/snort.conf.distrib" || die
198 fi
199
200 # Set the configured DAQ to afpacket
201 sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \
202 "${D}etc/snort/snort.conf.distrib" || die
203
204 # Set the location of the DAQ modules
205 sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \
206 "${D}etc/snort/snort.conf.distrib" || die
207
208 # Set the DAQ mode to passive
209 sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \
210 "${D}etc/snort/snort.conf.distrib" || die
211
212 # Set snort to run as snort:snort
213 sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \
214 "${D}etc/snort/snort.conf.distrib" || die
215 sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \
216 "${D}etc/snort/snort.conf.distrib" || die
217
218 # Set the default log dir
219 sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \
220 "${D}etc/snort/snort.conf.distrib" || die
221
222 # Set the correct so_rule location in the config
223 sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \
224 "${D}etc/snort/snort.conf.distrib" || die
225 }
226
227 pkg_postinst() {
228
229 einfo "There have been a number of improvements and new features"
230 einfo "added to ${P}. Please review the RELEASE.NOTES and"
231 einfo "ChangLog located in /usr/share/doc/${PF}."
232 einfo
233 elog "The Sourcefire Vulnerability Research Team (VRT) recommends that"
234 elog "users migrate their snort.conf customizations to the latest config"
235 elog "file released by the VRT. You can find the latest version of the"
236 elog "Snort config file in /etc/snort/snort.conf.distrib."
237 elog
238 elog "!! It is important that you migrate to this new snort.conf file !!"
239 elog
240 elog "This version of the ebuild includes an updated init.d file and"
241 elog "conf.d file that rely on options found in the latest Snort"
242 elog "config file provided by the VRT."
243
244 if use debug; then
245 elog "You have the 'debug' USE flag enabled. If this has been done to"
246 elog "troubleshoot an issue by producing a core dump or a back trace,"
247 elog "then you need to also ensure the FEATURES variable in make.conf"
248 elog "contains the 'nostrip' option."
249 fi
250 }

  ViewVC Help
Powered by ViewVC 1.1.20