[yocto] [meta-security][PATCH 2/3] suricata: update 4.0.5
Armin Kuster
akuster808 at gmail.com
Thu Aug 9 16:04:16 PDT 2018
Fix rules make. Don't allow the makefile to download the rules. Use
fetcher
add install configs and remove manual intall of those files
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
.../{suricata_4.0.0.bb => suricata_4.0.5.bb} | 24 ++++++++++++-------
1 file changed, 15 insertions(+), 9 deletions(-)
rename recipes-security/suricata/{suricata_4.0.0.bb => suricata_4.0.5.bb} (85%)
diff --git a/recipes-security/suricata/suricata_4.0.0.bb b/recipes-security/suricata/suricata_4.0.5.bb
similarity index 85%
rename from recipes-security/suricata/suricata_4.0.0.bb
rename to recipes-security/suricata/suricata_4.0.5.bb
index 6efa351..6ccf3d2 100644
--- a/recipes-security/suricata/suricata_4.0.0.bb
+++ b/recipes-security/suricata/suricata_4.0.5.bb
@@ -4,17 +4,23 @@ require suricata.inc
LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd1e02800a1f548"
+SRC_URI += "https://rules.emergingthreats.net/open/suricata-4.0/emerging.rules.tar.gz;name=rules"
+
SRC_URI += " \
file://volatiles.03_suricata \
file://suricata.yaml \
file://suricata.service \
"
+SRC_URI[rules.md5sum] = "7e8b570d318c98bff65f2ddc457122cb"
+SRC_URI[rules.sha256sum] = "229e3035804c2b816092c6eea09e35f9db0ea421758551a7a740cdd9c15e3feb"
+
inherit autotools-brokensep pkgconfig python-dir systemd
CFLAGS += "-D_DEFAULT_SOURCE"
-CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes "
+CACHED_CONFIGUREVARS = "ac_cv_header_htp_htp_h=yes ac_cv_lib_htp_htp_conn_create=yes \
+ ac_cv_path_HAVE_WGET=no ac_cv_path_HAVE_CURL=no "
EXTRA_OECONF += " --disable-debug \
--enable-non-bundled-htp \
@@ -41,19 +47,20 @@ export logdir = "${localstatedir}/log"
do_install_append () {
+ install -d ${D}${sysconfdir}/suricata
+
+ oe_runmake install-conf DESTDIR=${D}
+
+ # mimic move of downloaded rules to e_sysconfrulesdir
+ cp -rf ${WORKDIR}/rules ${D}${sysconfdir}/suricata
+
oe_runmake install-rules DESTDIR=${D}
- install -d ${D}${sysconfdir}/suricata
install -d ${D}${sysconfdir}/suricata ${D}${sysconfdir}/default/volatiles
- install -m 644 classification.config ${D}${sysconfdir}/suricata
- install -m 644 reference.config ${D}${sysconfdir}/suricata
- install -m 644 ${WORKDIR}/suricata.yaml ${D}${sysconfdir}/suricata
install -m 0644 ${WORKDIR}/volatiles.03_suricata ${D}${sysconfdir}/default/volatiles/volatiles.03_suricata
install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata
- install -d ${D}${logdir}/suricata
-
install -d ${D}${systemd_unitdir}/system
sed -e s:/etc:${sysconfdir}:g \
-e s:/var/run:/run:g \
@@ -62,7 +69,6 @@ do_install_append () {
-e s:/bin/kill:${base_bindir}/kill:g \
-e s:/usr/lib:${libdir}:g \
${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
-
}
pkg_postinst_ontarget_${PN} () {
@@ -74,7 +80,7 @@ fi
SYSTEMD_PACKAGES = "${PN}"
PACKAGES =+ "${PN}-socketcontrol"
-FILES_${PN} += "${logdir}/suricata ${systemd_unitdir}"
+FILES_${PN} += "${systemd_unitdir} /run"
FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
--
2.17.1
More information about the yocto
mailing list