diff options
Diffstat (limited to 'net/suricata6/Makefile')
| -rw-r--r-- | net/suricata6/Makefile | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/net/suricata6/Makefile b/net/suricata6/Makefile new file mode 100644 index 0000000..9859f89 --- /dev/null +++ b/net/suricata6/Makefile @@ -0,0 +1,170 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME := suricata +PKG_VERSION := 6.0.4 +PKG_RELEASE := 1 + +PKG_SOURCE_PROTO := git +PKG_SOURCE_DATE := 2021-11-18 +PKG_SOURCE_VERSION := e9c8767b905fcae53432076572bfbeaf639b202d +PKG_SOURCE_URL := https://github.com/OISF/suricata.git +PKG_MIRROR_HASH := 0fc6a18c503022f304ae9c86ff8be0f52fe9b204c6dc78c69ef2039395d67d9c + +PKG_FIXUP := autoreconf +PKG_FIXUP := patch-libtool + +PKG_BUILD_PARALLEL := 1 +PKG_INSTALL := 1 +PKG_BUILD_DEPENDS := rust/host python3/host expat/host + +include $(INCLUDE_DIR)/package.mk +include ../../lang/rust/rust_environment.mk + +define Package/suricata6/config + source "$(SOURCE)/Config.in" +endef + +CONFIGURE_VARS += \ + CARGO_HOME="$(CARGO_HOME)" \ + ac_cv_path_CARGO="$(CARGO_HOME)/bin/cargo" \ + ac_cv_path_RUSTC="$(CARGO_HOME)/bin/rustc" \ + +CONFIGURE_ARGS += \ + --target=$(RUSTC_TARGET_ARCH) \ + --host=$(RUSTC_TARGET_ARCH) \ + --build=$(RUSTC_HOST_ARCH) \ + --enable-shared \ + --disable-gccmarch-native \ + --with-gnu-ld \ + --with-sysroot=$(STAGING_DIR_HOST) +# --enable-non-bundled-htp \ +# --with-libhtp-includes=$(STAGING_DIR_HOSTPKG)/include \ +# --with-libhtp-libraries=$(STAGING_DIR_HOSTPKG)/lib +# --with-sysroot=$(TOOLCHAIN_DIR) + +ifeq ($(CONFIG_SURICATA_ENABLE_PYTHON),y) +CONFIGURE_ARGS += --enable-python +endif +ifeq ($(CONFIG_SURICATA_ENABLE_LUAJIT),y) +CONFIGURE_ARGS += --enable-luajit +endif +ifeq ($(CONFIG_SURICATA_ENABLE_GCCPROTECT),y) +CONFIGURE_ARBBBGS += --enable-gccprotect +endif +ifeq ($(CONFIG_SURICATA_ENABLE_GCCPROFILE),y) +CONFIGURE_ARGS += --enable-gccprofile +endif + +# For now, x86_64 targets can't use PIE +ifneq ($(CONFIG_TARGET_x86),y) + ifeq ($(CONFIG_PKG_ASLR_PIE_ALL),y) + CONFIGURE_ARGS += --enable-pie + else ($(CONFIG_PKG_ASLR_PIE_REGULAR),y) + CONFIGURE_ARGS += --enable-pie + endif +endif + +ifeq ($(CONFIG_SURICATA_ENABLE_NFQUEUE),y) +CONFIGURE_ARGS += --enable-nfqueue +endif + +ifeq ($(CONFIG_SURICATA_ENABLE_GEOIP),y) +CONFIGURE_ARGS += --enable-geoip +endif + +ifeq ($(CONFIG_SURICATA_ENABLE_LIBMAGIC),n) +CONFIGURE_ARGS += --disable-libmagic +endif + +ifeq ($(CONFIG_SURICATA_ENABLE_DEBUG),y) +TARGET_CXXFLAGS += -ggdb3 +CONFIGURE_ARGS += --enable-debug +endif + +ifeq ($(CONFIG_SURICATA_ENABLE_HIREDIS),y) +CONFIGURE_ARGS += --enable-hiredis +endif + +ifeq ($(CONFIG_SURICATA_ENABLE_EBPF),y) +CONFIGURE_ARGS += --enable-ebpf-build +endif + +ifeq ($(CONFIG_SURICATA_ENABLE_NFLOG),y) +CONFIGURE_ARGS += --enable-nflog +endif + +define Build/Prepare + $(call Build/Prepare/Default) + + cd $(PKG_BUILD_DIR) && \ + git clone https://github.com/OISF/libhtp.git + + [ -f $(CARGO_HOME)/bin/cbindgen ] || \ + $(CONFIGURE_VARS) cargo install --root=$(CARGO_HOME) cbindgen + + cd $(PKG_BUILD_DIR) && $(CONFIGURE_VARS) ./autogen.sh +endef + +define Build/Install + $(call Build/Install/Default,install) + $(call Build/Install/Default,install-conf) +endef + +define Package/suricata6 + SUBMENU:=Firewall + SECTION:=net + CATEGORY:=Network + DEPENDS:=@!SMALL_FLASH @!LOW_MEMORY_FOOTPRINT +libexpat +jansson +libpcre +libyaml +libpcap +libcap-ng \ + +nspr +libnss +liblz4 +libatomic +libnet-1.2.x \ + +SURICATA_ENABLE_NFLOG:libnetfilter-log \ + +SURICATA_ENABLE_NFQUEUE:libnetfilter-queue +SURICATA_ENABLE_NFQUEUE:iptables-mod-nfqueue \ + +SURICATA_ENABLE_HIREDIS:libhiredis +SURICATA_ENABLE_HIREDIS:libevent2 \ + +SURICATA_ENABLE_LIBMAGIC:file \ + +SURICATA_ENABLE_GEOIP:libmaxminddb \ + +SURICATA_ENABLE_PYTHON:python3 +SURICATA_ENABLE_PYTHON:python3-yaml \ + +SURICATA_ENABLE_LUAJIT:luajit + TITLE:=OISF Suricata IDS + URL:=https://www.openinfosecfoundation.org/ + MENU:=1 +endef + +define Package/suricata6/description +Suricata is an open source-based intrusion detection system (IDS), intrusion +prevention system (IPS), and Network Monitoring System (NMS) +endef + +define Package/suricata6/conffiles +/etc/config/suricata +/etc/suricata/ +endef + +define Package/suricata6/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricata $(1)/usr/bin/suricata + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricatactl $(1)/usr/bin/suricatactl + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/suricatasc $(1)/usr/bin/suricatasc + + $(INSTALL_DIR) $(1)/usr/lib + $(CP) -r $(PKG_INSTALL_DIR)/usr/lib/* $(1)/usr/lib/ + + $(INSTALL_DIR) $(1)/usr/include + $(CP) -r $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/ + + $(INSTALL_DIR) $(1)/etc/suricata + $(CP) $(PKG_BUILD_DIR)/suricata.yaml \ + $(PKG_BUILD_DIR)/etc/classification.config \ + $(PKG_BUILD_DIR)/threshold.config \ + $(PKG_BUILD_DIR)/etc/reference.config \ + $(1)/etc/suricata/ + + $(INSTALL_DIR) $(1)/usr/share/suricata/rules + $(CP) $(PKG_INSTALL_DIR)/usr/share/suricata/rules/* $(1)/usr/share/suricata/rules/ + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/config + + $(INSTALL_BIN) ./files/etc/init.d/suricata $(1)/etc/init.d/suricata + $(INSTALL_CONF) ./files/etc/config/suricata $(1)/etc/config/suricata +endef + +$(eval $(call BuildPackage,suricata6)) |