Hi Chunrong,

A few things with this one.

- can you be more specific with the LICENSE?

    WARNING: snort: No generic license file exists for: GPL in any provider

- my test build generated QA errors due to host libraries being used in
  the build:

    cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]
    cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]
    cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]
    cc1: warning: include location "/usr/include/pcap" is unsafe for cross-compilation [-Wpoison-system-directories]

- Is the pkg_postinst_${PN} action really necessary? Can't you accomplish
  the same thing by inheriting useradd? At worst, I think you'll only need
  the last line, directly invoking populate-volatile.sh. Could be mistaken
  on that, though.

- Can you take another pass through the recipe itself, please? There's
  some inconsistent formatting (specifically around SRC_URI) and minor
  whitespace issues (around EXTRA_OECONF, for sure, maybe elsewhere, I've
  only done a quick scan).

- While we're on the topic, I hate to ask, but any chance we could fix up
  the formatting on the initscript itself? It's an indentation disaster.
  Not your fault, I know, but I don't know that we'll ever go back to
  taking the debian one again and I'd rather it be clean for anyone who
  comes along later.

- There's one minor inconsistency in the logrotate file, too, can you make
  them all space-indented or all tab-indented please?

Thanks,
-J.

[[oe] [meta-networking][PATCH 1/3] snort: add recipe] On 13.09.23 (Mon 17:06) b40...@freescale.com wrote:

> From: Chunrong Guo <b40...@freescale.com>
>
> *snort - a free lightweight network intrusion detection
> system for UNIX and Windows
> > Signed-off-by: Chunrong Guo <b40...@freescale.com> > --- > .../recipes-connectivity/snort/files/default | 42 ++ > .../snort/files/disable-dap-address-space-id.patch | 52 +++ > .../snort/files/disable-inaddr-none.patch | 75 ++++ > .../recipes-connectivity/snort/files/logrotate | 12 + > .../recipes-connectivity/snort/files/snort.init | 425 > ++++++++++++++++++++ > .../recipes-connectivity/snort/files/volatiles | 2 + > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 86 ++++ > 7 files changed, 694 insertions(+), 0 deletions(-) > create mode 100644 meta-networking/recipes-connectivity/snort/files/default > create mode 100644 > meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch > create mode 100644 > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch > create mode 100644 meta-networking/recipes-connectivity/snort/files/logrotate > create mode 100755 > meta-networking/recipes-connectivity/snort/files/snort.init > create mode 100644 meta-networking/recipes-connectivity/snort/files/volatiles > create mode 100644 > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > diff --git a/meta-networking/recipes-connectivity/snort/files/default > b/meta-networking/recipes-connectivity/snort/files/default > new file mode 100644 > index 0000000..afd3840 > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/default 
> @@ -0,0 +1,42 @@ > +# Parameters for the daemon > +# Add any additional parameteres here. > +PARAMS="-m 027 -D -d " > +# > +# Snort user > +# This user will be used to launch snort. Notice that the > +# preinst script of the package might do changes to the user > +# (home directory, User Name) when the package is upgraded or > +# reinstalled. So, do *not* change this to 'root' or to any other user > +# unless you are sure there is no problem with those changes being > introduced. > +# > +SNORTUSER="snort" > +# > +# Logging directory > +# Snort logs will be dropped here and this will be the home > +# directory for the SNORTUSER. If you change this value you should > +# change the /etc/logrotate.d/snort definition too, otherwise logs > +# will not be rotated properly. > +# > +LOGDIR="/var/log/snort" > +# > +# Snort group > +# This is the group that the snort user will be added to. > +# > +SNORTGROUP="snort" > +# > +# Allow Snort's init.d script to work if the configured interfaces > +# are not available. Set this to yes if you configure Snort with > +# multiple interfaces but some might not be available on boot > +# (e.g. wireless interfaces) > +# > +# Note: In order for this to work the 'iproute' package needs to > +# be installed. > +ALLOW_UNAVAILABLE="no" > + > +# Local configs > +# > +LOCAL_SNORT_STARTUP=boot > +LOCAL_SNORT_HOME_NET="192.168.0.0/16" > +LOCAL_SNORT_INTERFACE="" > +LOCAL_SNORT_STATS_RCPT="root" > +LOCAL_SNORT_STATS_THRESHOLD="1" > diff --git > a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch > > b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch > new file mode 100644 > index 0000000..39e5c9c > --- /dev/null > +++ > b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch 
> @@ -0,0 +1,52 @@ > +Upstream-Status:Inappropriate [embedded specific] > + > +fix the below error: > +checking for dap address space id... configure: > +configure: error: cannot run test program while cross compiling > + > + > +Signed-off-by: Chunrong Guo <b40...@freescale.com> > + > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500 > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500 > +@@ -679,23 +679,23 @@ > + > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta]) > + > +-AC_MSG_CHECKING([for daq address space ID]) > +-AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( > +-[[ > +-#include <daq.h> > +-]], > +-[[ > +- DAQ_PktHdr_t hdr; > +- hdr.address_space_id = 0; > +-]])], > +-[have_daq_address_space_id="yes"], > +-[have_daq_address_space_id="no"]) > +-AC_MSG_RESULT($have_daq_address_space_id) > +-if test "x$have_daq_address_space_id" = "xyes"; then > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > +- [DAQ version supports address space ID in header.]) > +-fi > ++#AC_MSG_CHECKING([for daq address space ID]) > ++#AC_RUN_IFELSE( > ++#[AC_LANG_PROGRAM( > ++#[[ > ++##include <daq.h> > ++#]], > ++#[[ > ++# DAQ_PktHdr_t hdr; > ++# hdr.address_space_id = 0; > ++#]])], > ++have_daq_address_space_id="yes" > ++#[have_daq_address_space_id="no"]) > ++#AC_MSG_RESULT($have_daq_address_space_id) > ++#if test "x$have_daq_address_space_id" = "xyes"; then > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > ++# [DAQ version supports address space ID in header.]) > ++#fi > + > + # any sparc platform has to have this one defined. > + AC_MSG_CHECKING(for sparc) > diff --git > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch > new file mode 100644 > index 0000000..9dafe63 > --- /dev/null > +++ > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch 
> @@ -0,0 +1,75 @@ > +Upstream-Status: Inappropriate [embedded specific] > + > +fix the below error: > +checking for INADDR_NONE... configure: > +configure: error: cannot run test program while cross compiling > + > +Signed-off-by: Chunrong Guo <b40...@freescale.com> > + > + > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500 > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500 > +@@ -281,25 +281,7 @@ > + AC_CHECK_TYPES([boolean]) > + > + # In case INADDR_NONE is not defined (like on Solaris) > +-have_inaddr_none="no" > +-AC_MSG_CHECKING([for INADDR_NONE]) > +-AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( > +-[[ > +-#include <sys/types.h> > +-#include <netinet/in.h> > +-#include <arpa/inet.h> > +-]], > +-[[ > +- if (inet_addr("10,5,2") == INADDR_NONE); > +- return 0; > +-]])], > +-[have_inaddr_none="yes"], > +-[have_inaddr_none="no"]) > +-AC_MSG_RESULT($have_inaddr_none) > +-if test "x$have_inaddr_none" = "xno"; then > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) > +-fi > ++have_inaddr_none="yes" > + > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > + #include <stdio.h> > +@@ -397,21 +379,21 @@ > + fi > + fi > + > +-AC_MSG_CHECKING([for pcap_lex_destroy]) > +-AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( > +-[[ > +-#include <pcap.h> > +-]], > +-[[ > +- pcap_lex_destroy(); > +-]])], > +-[have_pcap_lex_destroy="yes"], > +-[have_pcap_lex_destroy="no"]) > +-AC_MSG_RESULT($have_pcap_lex_destroy) > +-if test "x$have_pcap_lex_destroy" = "xyes"; then > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack > created by pcap bpf filter]) > +-fi > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) > ++#AC_RUN_IFELSE( > ++#[AC_LANG_PROGRAM( > ++#[[ > ++##include <pcap.h> > ++#]], > ++#[[ > ++# pcap_lex_destroy(); > ++#]])], > ++have_pcap_lex_destroy="yes" > ++#[have_pcap_lex_destroy="no"]) > ++#AC_MSG_RESULT($have_pcap_lex_destroy) > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack > 
created by pcap bpf filter]) > ++#fi > + > + AC_MSG_CHECKING([for pcap_lib_version]) > + AC_LINK_IFELSE( > diff --git a/meta-networking/recipes-connectivity/snort/files/logrotate > b/meta-networking/recipes-connectivity/snort/files/logrotate > new file mode 100644 > index 0000000..ef3e4af > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/logrotate > @@ -0,0 +1,12 @@ > +/var/log/snort/*.log /var/log/snort/alert { > + size 1M > + missingok > + compress > + delaycompress > + rotate 10 > + sharedscripts > + postrotate > + /etc/init.d/snort restart > + endscript > +} > + > diff --git a/meta-networking/recipes-connectivity/snort/files/snort.init > b/meta-networking/recipes-connectivity/snort/files/snort.init > new file mode 100755 > index 0000000..af66619 > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/snort.init 
> @@ -0,0 +1,425 @@ > +#!/bin/sh -e > +# > +# Init.d script for Snort in OpenEmbedded, based on Debian's script > +# > +# Copyright (c) 2009 Roman I Khimov <khi...@altell.ru> > +# > +# Copyright (c) 2001 Christian Hammers > +# Copyright (c) 2001-2002 Robert van der Meulen > +# Copyright (c) 2002-2004 Sander Smeenk <ssme...@debian.org> > +# Copyright (c) 2004-2007 Javier Fernandez-Sanguino <j...@debian.org> > +# > +# This is free software; you may redistribute it and/or modify > +# it under the terms of the GNU General Public License as > +# published by the Free Software Foundation; either version 2, > +# or (at your option) any later version. > +# > +# This is distributed in the hope that it will be useful, but > +# WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > +# > +# You should have received a copy of the GNU General Public License with > +# the Debian operating system, in /usr/share/common-licenses/GPL; if > +# not, write to the Free Software Foundation, Inc., 59 Temple Place, > +# Suite 330, Boston, MA 02111-1307 USA > +# > +### BEGIN INIT INFO > +# Provides: snort > +# Required-Start: $time $network $local_fs > +# Required-Stop: > +# Should-Start: $syslog > +# Should-Stop: > +# Default-Start: 2 3 4 5 > +# Default-Stop: 0 1 6 > +# Short-Description: Lightweight network intrusion detection system > +# Description: Intrusion detection system that will > +# capture traffic from the network cards and will > +# match against a set of known attacks. > +### END INIT INFO > + > +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin > + > +test $DEBIAN_SCRIPT_DEBUG && set -v -x > + > +DAEMON=/usr/bin/snort > +NAME=snort > +DESC="Network Intrusion Detection System" > + > +. 
/etc/default/snort > +COMMON="$PARAMS -l $LOGDIR -u $SNORTUSER -g $SNORTGROUP" > + > +test -x $DAEMON || exit 0 > +test -z "$LOCAL_SNORT_HOME_NET" && LOCAL_SNORT_HOME_NET="192.168.0.0/16" > + > +# to find the lib files > +cd /etc/snort > + > +running() > +{ > + PIDFILE=$1 > +# No pidfile, probably no daemon present > + [ ! -f "$PIDFILE" ] && return 1 > + pid=`cat $PIDFILE` > +# No pid, probably no daemon present > + [ -z "$pid" ] && return 1 > + [ ! -d /proc/$pid ] && return 1 > + cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f > 1` > +# No daemon > + [ "$cmd" != "$DAEMON" ] && return 1 > + return 0 > +} > + > + > +check_log_dir() { > +# Does the logging directory belong to Snort? > + # If we cannot determine the logdir return without error > + # (we will not check it) > + # This will only be used by people using /etc/default/snort > + [ -n "$LOGDIR" ] || return 0 > + [ -n "$SNORTUSER" ] || return 0 > + if [ ! -e "$LOGDIR" ] ; then > + echo "ERR: logging directory $LOGDIR does not exist" > + return 1 > + elif [ ! -d "$LOGDIR" ] ; then > + echo "ERR: logging directory $LOGDIR does not exist" > + return 1 > + else > + # Don't worry, be happy > + true > + fi > + return 0 > +} > + > +check_root() { > + if [ "$(id -u)" != "0" ]; then > + echo "You must be root to start, stop or restart $NAME." > + exit 4 > + fi > +} > + > +case "$1" in > + start) > + check_root > + echo "Starting $DESC " "$NAME" > + > + if [ -e /etc/snort/db-pending-config ] ; then > + echo "/etc/snort/db-pending-config file found" > + echo "Snort will not start as its database is not yet > configured." > + echo "Please configure the database as described in" > + echo "/usr/share/doc/snort-{pgsql,mysql}/README-database.Debian" > + echo "and remove /etc/snort/db-pending-config" > + exit 6 > + fi > + > + if ! check_log_dir; then > + echo " will not start $DESC!" 
> + exit 5 > + fi > + if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then > + shift > + set +e > + /etc/ppp/ip-up.d/snort "$@" > + ret=$? > + if [ $ret -eq 0 ] ; then > + echo 0 > + else > + echo 1 > + fi > + exit $ret > + fi > + > + # Usually, we start all interfaces > + interfaces="$LOCAL_SNORT_INTERFACE" > + > + # If we are requested to start a specific interface... > + test "$2" && interfaces="$2" > + > + # If the interfaces list is empty stop (no error) > + if [ -z "$interfaces" ] ; then > + echo "no interfaces configured, will not start" > + echo 0 > + exit 0 > + fi > + > + myret=0 > + got_instance=0 > + for interface in $interfaces; do > + got_instance=1 > + echo "($interface" > + > + # Check if the interface is available: > + # - only if iproute is available > + # - the interface exists > + # - the interface is up > + if ! [ -x /sbin/ip ] || ( ip link show dev "$interface" > >/dev/null 2>&1 && [ -n "`ip link show up "$interface" 2>/dev/null`" ] ) ; > then > + > + PIDFILE=/var/run/snort_$interface.pid > + CONFIGFILE=/etc/snort/snort.$interface.conf > + > + # Defaults: > + fail="failed (check /var/log/syslog and /var/log/snort)" > + run="yes" > + > + if [ -e "$PIDFILE" ] && running $PIDFILE; then > + run="no" > + # Do not start this instance, it is already runing > + fi > + > + if [ "$run" = "yes" ] ; then > + if [ ! -e "$CONFIGFILE" ]; then > + echo "no /etc/snort/snort.$interface.conf found, > defaulting to snort.conf" > + CONFIGFILE=/etc/snort/snort.conf > + fi > + > + set +e > + /sbin/start-stop-daemon --start --quiet \ > + --pidfile "$PIDFILE" \ > + --exec $DAEMON -- $COMMON $LOCAL_SNORT_OPTIONS \ > + -c $CONFIGFILE \ > + -S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \ > + -i $interface >/dev/null > + ret=$? 
> + case "$ret" in > + 0) > + echo "...done)" > + ;; > + *) > + echo "...ERROR: $fail)" > + myret=$(expr "$myret" + 1) > + ;; > + esac > + set -e > + else > + echo "...already running)" > + fi > + > + else > + # What to do if the interface is not available > + # or is not up > + if [ "$ALLOW_UNAVAILABLE" != "no" ] ; then > + echo "...interface not available)" > + else > + echo "...ERROR: interface not available)" > + myret=$(expr "$myret" + 1) > + fi > + fi > + done > + > + if [ "$got_instance" = 0 ] && [ "$ALLOW_UNAVAILABLE" = "no" ]; then > + echo "No snort instance found to be started!" >&2 > + exit 6 > + fi > + > + if [ $myret -eq 0 ] ; then > + echo 0 > + else > + echo 1 > + fi > + exit $myret > + ;; > + stop) > + check_root > + echo "Stopping $DESC " "$NAME" > + > + if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then > + shift > + set +e > + /etc/ppp/ip-down.d/snort "$@" > + ret=$? > + if [ $ret -eq 0 ] ; then > + echo 0 > + else > + echo 1 > + fi > + exit $ret > + fi > + > + # Usually, we stop all current running interfaces > + pidpattern=/var/run/snort_*.pid > + > + # If we are requested to stop a specific interface... > + test "$2" && pidpattern=/var/run/snort_"$2".pid > + > + got_instance=0 > + myret=0 > + for PIDFILE in $pidpattern; do > + # This check is also needed, if the above pattern doesn't match > + test -f "$PIDFILE" || continue > + > + got_instance=1 > + interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//') > + > + echo "($interface" > + > + set +e > + if [ ! -e "$PIDFILE" -o -r "$PIDFILE" ] ; then > +# Change ownership of the pidfile > + /sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \ > + --pidfile "$PIDFILE" --exec $DAEMON >/dev/null > + ret=$? 
> + rm -f "$PIDFILE" > + rm -f "$PIDFILE.lck" > + else > + echo "cannot read $PIDFILE" > + ret=4 > + fi > + case "$ret" in > + 0) > + echo "...done)" > + ;; > + *) > + echo "...ERROR)" > + myret=$(expr "$myret" + 1) > + ;; > + esac > + set -e > + > + done > + > + if [ "$got_instance" = 0 ]; then > + log_warning_msg "No running snort instance found" > + exit 0 # LSB demands we don't exit with error here > + fi > + if [ $myret -eq 0 ] ; then > + echo 0 > + else > + echo 1 > + fi > + exit $myret > + ;; > + restart|force-restart|reload|force-reload) > + check_root > + # Usually, we restart all current running interfaces > + pidpattern=/var/run/snort_*.pid > + > + # If we are requested to restart a specific interface... > + test "$2" && pidpattern=/var/run/snort_"$2".pid > + > + got_instance=0 > + for PIDFILE in $pidpattern; do > + # This check is also needed, if the above pattern doesn't match > + test -f "$PIDFILE" || continue > + > + got_instance=1 > + interface=$(basename "$PIDFILE" .pid | sed -e 's/^snort_//') > + $0 stop $interface || true > + $0 start $interface || true > + done > + > + if [ "$got_instance" = 0 ]; then > + echo "No snort instance found to be stopped!" >&2 > + exit 6 > + fi > + ;; > + status) > +# Non-root users can use this (if allowed to) > + echo "Status of snort daemon(s)" > + interfaces="$LOCAL_SNORT_INTERFACE" > + # If we are requested to check for a specific interface... 
> + test "$2" && interfaces="$2" > + err=0 > + pid=0 > + for interface in $interfaces; do > + echo " $interface " > + pidfile=/var/run/snort_$interface.pid > + if [ -f "$pidfile" ] ; then > + if [ -r "$pidfile" ] ; then > + pidval=`cat $pidfile` > + pid=$(expr "$pid" + 1) > + if ps -p $pidval | grep -q snort; then > + echo "OK" > + else > + echo "ERROR" > + err=$(expr "$err" + 1) > + fi > + else > + echo "ERROR: cannot read status file" > + err=$(expr "$err" + 1) > + fi > + else > + echo "ERROR" > + err=$(expr "$err" + 1) > + fi > + done > + if [ $err -ne 0 ] ; then > + if [ $pid -ne 0 ] ; then > +# More than one case where pidfile exists but no snort daemon > +# LSB demands a '1' exit value here > + echo 1 > + exit 1 > + else > +# No pidfiles at all > +# LSB demands a '3' exit value here > + echo 3 > + exit 3 > + fi > + fi > + echo 0 > + ;; > + config-check) > + echo "Checking $DESC configuration" > + if [ "$LOCAL_SNORT_STARTUP" = "dialup" ]; then > + echo "Config-check is currently not supported for snort in > Dialup configuration" > + echo 3 > + exit 3 > + fi > + > + # usually, we test all interfaces > + interfaces="$LOCAL_SNORT_INTERFACE" > + # if we are requested to test a specific interface... > + test "$2" && interfaces="$2" > + > + myret=0 > + got_instance=0 > + for interface in $interfaces; do > + got_instance=1 > + echo "interface $interface" > + > + CONFIGFILE=/etc/snort/snort.$interface.conf > + if [ ! -e "$CONFIGFILE" ]; then > + CONFIGFILE=/etc/snort/snort.conf > + fi > + COMMON=`echo $COMMON | sed -e 's/-D//'` > + set +e > + fail="INVALID" > + if [ -r "$CONFIGFILE" ]; then > + $DAEMON -T $COMMON $LOCAL_SNORT_OPTIONS \ > + -c $CONFIGFILE \ > + -S "HOME_NET=[$LOCAL_SNORT_HOME_NET]" \ > + -i $interface >/dev/null 2>&1 > + ret=$? 
> + else > + fail="cannot read $CONFIGFILE" > + ret=4 > + fi > + set -e > + > + case "$ret" in > + 0) > + echo "OK" > + ;; > + *) > + echo "$fail" > + myret=$(expr "$myret" + 1) > + ;; > + esac > + done > + if [ "$got_instance" = 0 ]; then > + echo "no snort instance found to be started!" >&2 > + exit 6 > + fi > + > + if [ $myret -eq 0 ] ; then > + echo 0 > + else > + echo 1 > + fi > + exit $myret > + ;; > + *) > + echo "Usage: $0 > {start|stop|restart|force-restart|reload|force-reload|status|config-check}" > + exit 1 > + ;; > +esac > +exit 0 > diff --git a/meta-networking/recipes-connectivity/snort/files/volatiles > b/meta-networking/recipes-connectivity/snort/files/volatiles > new file mode 100644 > index 0000000..e3ab51d > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/volatiles > @@ -0,0 +1,2 @@ > +# <type> <owner> <group> <mode> <path> <linksource> > +d snort snort 0755 /var/log/snort none > \ No newline at end of file > diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > new file mode 100644 > index 0000000..5a165ef > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb 
> @@ -0,0 +1,86 @@ > +DESCRIPTION = "snort - a free lightweight network intrusion detection system > for UNIX and Windows." > +HOMEPAGE = "http://www.snort.org/" > +LICENSE = "GPL" > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" > + > +DEPENDS = "libpcap libpcre daq libdnet" > + > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ > + file://disable-inaddr-none.patch \ > + file://disable-dap-address-space-id.patch \ > + file://snort.init \ > + file://default \ > + file://logrotate \ > + file://volatiles \ > + " > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" > +SRC_URI[tarball.sha256sum] = > "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" > + > +inherit autotools gettext > + > +EXTRA_OECONF = " \ > + --enable-gre \ > + --enable-linux-smp-stats \ > + --enable-reload \ > + --enable-reload-error-restart \ > + --enable-targetbased \ > + --disable-static-daq \ > + " > + > +do_install_append() { > + install -d ${D}/${sysconfdir}/snort/rules > + install -d ${D}/${sysconfdir}/snort/preproc_rules > + install -d ${D}/${sysconfdir}/default/volatiles > + mkdir -p ${D}/${sysconfdir}/init.d > + for i in map config conf dtd; do > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ > + done > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ > + install -m 0644 ${WORKDIR}/default ${D}/${sysconfdir}/default/snort > + install -m 0644 ${WORKDIR}/volatiles > ${D}/${sysconfdir}/default/volatiles/snort > + install -m 0755 ${WORKDIR}/snort.init ${D}/${sysconfdir}/init.d/snort > + mkdir -p ${D}/${localstatedir}/log/snort > + install -d ${D}${sysconfdir}/logrotate.d > + install -m 0644 ${WORKDIR}/logrotate ${D}${sysconfdir}/logrotate.d/snort > +} > + > +pkg_postinst_${PN}() { > + grep -q ^snort: /etc/group || addgroup snort > + grep -q ^snort: /etc/passwd || \ > + adduser --disabled-password --home=/var/log/snort/ --system \ > + --ingroup snort --no-create-home -g "snort" snort > + 
${sysconfdir}/init.d/populate-volatile.sh update > +} > + > +PACKAGES =+ "${PN}-logrotate" > +FILES_${PN}-logrotate = "${sysconfdir}/logrotate.d/snort" > +FILES_${PN} += " \ > + ${libdir}/snort_dynamicengine/*.so.* \ > + ${libdir}/snort_dynamicpreprocessor/*.so.* \ > + ${libdir}/snort_dynamicrules/*.so.* \ > + " > +FILES_${PN}-dbg += " \ > + ${libdir}/snort_dynamicengine/.debug \ > + ${libdir}/snort_dynamicpreprocessor/.debug \ > + ${libdir}/snort_dynamicrules/.debug \ > + " > +FILES_${PN}-staticdev += " \ > + ${libdir}/snort_dynamicengine/*.a \ > + ${libdir}/snort_dynamicpreprocessor/*.a \ > + ${libdir}/snort_dynamicrules/*.a \ > + ${libdir}/snort/dynamic_preproc/*.a \ > + ${libdir}/snort/dynamic_output/*.a \ > + " > +FILES_${PN}-dev += " \ > + ${libdir}/snort_dynamicengine/*.la \ > + ${libdir}/snort_dynamicpreprocessor/*.la \ > + ${libdir}/snort_dynamicrules/*.la \ > + ${libdir}/snort_dynamicengine/*.so \ > + ${libdir}/snort_dynamicpreprocessor/*.so \ > + ${libdir}/snort_dynamicrules/*.so \ > + ${prefix}/src/snort_dynamicsrc \ > + " > + > +RRECOMMENDS_${PN} += "${PN}-logrotate" > +RRECOMMENDS_${PN} += "barnyard" > +RSUGGESTS_${PN}-logrotate += "logrotate" -- -Joe MacDonald. :wq
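
Review bot: In files/disable-dap-address-space-id.patch the replacement sets have_daq_address_space_id="yes" but also comments out the "if test ..." block that holds AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], ...), so the macro is never defined and the shell variable has no effect on the build. The original test body only assigns hdr.address_space_id and does not need to run, so changing AC_RUN_IFELSE to AC_COMPILE_IFELSE would keep the check working when cross-compiling instead of disabling it. The file name and description also say "dap" where "daq" is meant, and "Upstream-Status:Inappropriate" is missing the space after the colon.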
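
Review bot: In files/disable-inaddr-none.patch, second hunk (@@ -397,21 +379,21 @@), have_pcap_lex_destroy="yes" is set but the AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1], ...) line is commented out with the rest of the block, so HAVE_PCAP_LEX_DESTROY is never defined and the lex buffer cleanup is compiled out. The pcap_lib_version check kept as context right below already uses AC_LINK_IFELSE; doing the same for pcap_lex_destroy would avoid the run test without hard-coding the answer. The patch header only mentions INADDR_NONE, so the pcap_lex_destroy change should be described there too or split into its own patch.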
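
Review bot: In files/logrotate the postrotate step runs "/etc/init.d/snort restart", and the restart branch of the init script added in this same patch exits 6 with "No snort instance found to be stopped!" when there is no /var/run/snort_*.pid, so every rotation on a box where snort is not running ends with a failing postrotate script. Either tolerate that case in postrotate (for example by appending "|| true") or have the restart branch return 0 when nothing is running.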
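
Review bot: In files/snort.init the stop branch calls log_warning_msg "No running snort instance found", but the script only sources /etc/default/snort and never defines or sources that function. With the -e from the "#!/bin/sh -e" line still in effect at that point, the command-not-found failure ends the script before the following "exit 0 # LSB demands we don't exit with error here" is reached, so "stop" with nothing running returns an error. Replace the call with a plain echo like the rest of the script uses. Separately, check_log_dir prints "does not exist" for the not-a-directory case as well, and despite its leading comment it never checks who owns $LOGDIR.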
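
Review bot: In files/volatiles the log directory is created as "d snort snort 0755 /var/log/snort none", which leaves it listable and traversable by every local user, while files/default starts the daemon with PARAMS="-m 027 -D -d " so that the logs themselves (which, with -d, include application-layer data) are not readable by others. Mode 0750 would match the umask chosen for the daemon. The file also lacks a trailing newline ("\ No newline at end of file").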
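
Review bot: In snort_2.9.4.6.bb the init script is installed to ${sysconfdir}/init.d/snort but the recipe only has "inherit autotools gettext", with no update-rc.d class and no INITSCRIPT_NAME, so nothing registers the script in the runlevels and the IDS will not start at boot even though files/default sets LOCAL_SNORT_STARTUP=boot. Add update-rc.d to the inherit line and set INITSCRIPT_NAME = "snort". In do_install_append the "cp ${S}/etc/*.$i" and "cp ${S}/preproc_rules/*.rules" lines also copy the configuration with whatever modes the source tree has; "install -m 0644" would make the permissions under ${sysconfdir}/snort explicit, as is already done for the default and logrotate files.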
_______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel