diff options
| author | Gluzskiy Alexandr <sss123next@list.ru> | 2012-09-11 18:20:59 +0300 |
|---|---|---|
| committer | Gluzskiy Alexandr <sss123next@list.ru> | 2012-09-11 18:20:59 +0300 |
| commit | 2d7d250662cb735cc2c22c78f6b8cec1b3c282ce (patch) | |
| tree | aaffc96336c51b98357f3234d2f386e75fc6b0ff | |
| parent | e543b01583b453ed3df227c351d88ad31db5d6b2 (diff) | |
modified: media-video/ffmpeg/ffmpeg-9999.ebuild
new file: net-analyzer/barnyard2/barnyard2-9999.ebuild
new file: net-analyzer/barnyard2/files/barnyard2.confd
new file: net-analyzer/barnyard2/files/barnyard2.initd
new file: net-analyzer/barnyard2/files/makefile.patch
deleted: net-analyzer/snort/files
deleted: net-analyzer/snort/snort-2.8.3.1.ebuild
new file: net-analyzer/snort/snort/files/disabledynamic.patch
new file: net-analyzer/snort/snort/files/snort.confd
new file: net-analyzer/snort/snort/files/snort.confd.2
new file: net-analyzer/snort/snort/files/snort.rc10
new file: net-analyzer/snort/snort/files/snort.rc11
new file: net-analyzer/snort/snort/snort-2.9.3.1.ebuild
new file: net-libs/daq/daq-1.1.1.ebuild
| -rw-r--r-- | media-video/ffmpeg/ffmpeg-9999.ebuild | 332 | ||||
| -rw-r--r-- | net-analyzer/barnyard2/barnyard2-9999.ebuild | 73 | ||||
| -rw-r--r-- | net-analyzer/barnyard2/files/barnyard2.confd | 36 | ||||
| -rw-r--r-- | net-analyzer/barnyard2/files/barnyard2.initd | 30 | ||||
| -rw-r--r-- | net-analyzer/barnyard2/files/makefile.patch | 9 | ||||
| l--------- | net-analyzer/snort/files | 1 | ||||
| -rw-r--r-- | net-analyzer/snort/snort-2.8.3.1.ebuild | 169 | ||||
| -rw-r--r-- | net-analyzer/snort/snort/files/disabledynamic.patch | 110 | ||||
| -rw-r--r-- | net-analyzer/snort/snort/files/snort.confd | 17 | ||||
| -rw-r--r-- | net-analyzer/snort/snort/files/snort.confd.2 | 16 | ||||
| -rw-r--r-- | net-analyzer/snort/snort/files/snort.rc10 | 50 | ||||
| -rw-r--r-- | net-analyzer/snort/snort/files/snort.rc11 | 57 | ||||
| -rw-r--r-- | net-analyzer/snort/snort/snort-2.9.3.1.ebuild | 264 | ||||
| -rw-r--r-- | net-libs/daq/daq-1.1.1.ebuild | 71 |
14 files changed, 953 insertions, 282 deletions
diff --git a/media-video/ffmpeg/ffmpeg-9999.ebuild b/media-video/ffmpeg/ffmpeg-9999.ebuild index ce90a0d..1a554dd 100644 --- a/media-video/ffmpeg/ffmpeg-9999.ebuild +++ b/media-video/ffmpeg/ffmpeg-9999.ebuild @@ -1,128 +1,213 @@ -# Copyright 1999-2009 Gentoo Foundation +# Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: $ +# $Header: /var/cvsroot/gentoo-x86/media-video/ffmpeg/ffmpeg-9999.ebuild,v 1.103 2012/08/17 13:05:23 aballier Exp $ -EAPI=1 -ESVN_REPO_URI="svn://svn.mplayerhq.hu/ffmpeg/trunk" +EAPI="4" -inherit eutils flag-o-matic multilib toolchain-funcs subversion +SCM="" +if [ "${PV#9999}" != "${PV}" ] ; then + SCM="git-2" + EGIT_REPO_URI="git://source.ffmpeg.org/ffmpeg.git" +fi -DESCRIPTION="Complete solution to record, convert and stream audio and video" +inherit eutils flag-o-matic multilib toolchain-funcs ${SCM} + +DESCRIPTION="Complete solution to record, convert and stream audio and video. Includes libavcodec." HOMEPAGE="http://ffmpeg.org/" +if [ "${PV#9999}" != "${PV}" ] ; then + SRC_URI="" +elif [ "${PV%_p*}" != "${PV}" ] ; then # Snapshot + SRC_URI="mirror://gentoo/${P}.tar.bz2" +else # Release + SRC_URI="http://ffmpeg.org/releases/${P/_/-}.tar.bz2" +fi +FFMPEG_REVISION="${PV#*_p}" -LICENSE="GPL-2" +LICENSE="GPL-2 amr? ( GPL-3 ) encode? ( aac? ( GPL-3 ) )" SLOT="0" -KEYWORDS="" -IUSE="+3dnow +3dnowext +alsa altivec amr custom-cflags debug dirac doc ieee1394 - +encode +faac gsm ipv6 +mmx +mmxext +vorbis test theora +threads - +x264 +xvid network zlib sdl X +mp3 oss schroedinger +hardcoded-tables - bindist v4l v4l2 speex +ssse3 jpeg2k" +if [ "${PV#9999}" = "${PV}" ] ; then + KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux" +fi +IUSE=" + aac aacplus alsa amr avresample bindist bluray +bzip2 cdio celt + cpudetection debug doc +encode faac flite fontconfig frei0r gnutls gsm + +hardcoded-tables iec61883 ieee1394 jack jpeg2k libass libcaca libv4l + modplug mp3 network openal openssl opus oss pic pulseaudio rtmp schroedinger + sdl speex static-libs test theora threads truetype twolame v4l vaapi vdpau + vorbis vpx X x264 xvid +zlib + " + +# String for CPU features in the useflag[:configure_option] form +# if :configure_option isn't set, it will use 'useflag' as configure option +CPU_FEATURES="3dnow:amd3dnow 3dnowext:amd3dnowext altivec avx mmx mmxext ssse3 vis neon" + +for i in ${CPU_FEATURES}; do + IUSE="${IUSE} ${i%:*}" +done -RDEPEND="sdl? ( >=media-libs/libsdl-1.2.10 ) +FFTOOLS="aviocat cws2fws ffeval graph2dot ismindex pktdumper qt-faststart trasher" + +for i in ${FFTOOLS}; do + IUSE="${IUSE} +fftools_$i" +done + +RDEPEND=" alsa? ( media-libs/alsa-lib ) + amr? ( media-libs/opencore-amr ) + bluray? ( media-libs/libbluray ) + bzip2? ( app-arch/bzip2 ) + cdio? ( dev-libs/libcdio ) + celt? ( >=media-libs/celt-0.11.1 ) encode? ( + aac? ( media-libs/vo-aacenc ) + aacplus? ( media-libs/libaacplus ) + amr? ( media-libs/vo-amrwbenc ) faac? ( media-libs/faac ) - mp3? ( media-sound/lame ) - vorbis? ( media-libs/libvorbis media-libs/libogg ) - theora? ( media-libs/libtheora media-libs/libogg ) - x264? ( >=media-libs/x264-0.0.20081006 ) - xvid? ( >=media-libs/xvid-1.1.0 ) ) - zlib? ( sys-libs/zlib ) - ieee1394? ( media-libs/libdc1394 - sys-libs/libraw1394 ) - dirac? ( media-video/dirac ) + mp3? ( >=media-sound/lame-3.98.3 ) + theora? ( >=media-libs/libtheora-1.1.1[encode] media-libs/libogg ) + twolame? ( media-sound/twolame ) + x264? ( >=media-libs/x264-0.0.20111017 ) + xvid? ( >=media-libs/xvid-1.1.0 ) + ) + flite? ( app-accessibility/flite ) + fontconfig? ( media-libs/fontconfig ) + frei0r? ( media-plugins/frei0r-plugins ) + gnutls? ( >=net-libs/gnutls-2.12.16 ) gsm? ( >=media-sound/gsm-1.0.12-r1 ) + iec61883? ( media-libs/libiec61883 sys-libs/libraw1394 sys-libs/libavc1394 ) + ieee1394? ( media-libs/libdc1394 sys-libs/libraw1394 ) + jack? ( media-sound/jack-audio-connection-kit ) jpeg2k? ( >=media-libs/openjpeg-1.3-r2 ) + libass? ( media-libs/libass ) + libcaca? ( media-libs/libcaca ) + libv4l? ( media-libs/libv4l ) + modplug? ( media-libs/libmodplug ) + openal? ( >=media-libs/openal-1.1 ) + opus? ( media-libs/opus ) + pulseaudio? ( media-sound/pulseaudio ) + rtmp? ( >=media-video/rtmpdump-2.2f ) + sdl? ( >=media-libs/libsdl-1.2.13-r1[audio,video] ) schroedinger? ( media-libs/schroedinger ) speex? ( >=media-libs/speex-1.2_beta3 ) - X? ( x11-libs/libX11 x11-libs/libXext ) - amr? ( media-libs/opencore-amr )" + truetype? ( media-libs/freetype:2 ) + vaapi? ( >=x11-libs/libva-0.32 ) + vdpau? ( x11-libs/libvdpau ) + vorbis? ( media-libs/libvorbis media-libs/libogg ) + vpx? ( >=media-libs/libvpx-0.9.6 ) + X? ( x11-libs/libX11 x11-libs/libXext x11-libs/libXfixes ) + zlib? ( sys-libs/zlib ) + !media-video/qt-faststart + !media-libs/libpostproc +" DEPEND="${RDEPEND} >=sys-devel/make-3.81 - mmx? ( dev-lang/yasm ) doc? ( app-text/texi2html ) + fontconfig? ( virtual/pkgconfig ) + gnutls? ( virtual/pkgconfig ) + ieee1394? ( virtual/pkgconfig ) + libv4l? ( virtual/pkgconfig ) + mmx? ( dev-lang/yasm ) + rtmp? ( virtual/pkgconfig ) + schroedinger? ( virtual/pkgconfig ) test? ( net-misc/wget ) + truetype? ( virtual/pkgconfig ) v4l? ( sys-kernel/linux-headers ) - v4l2? ( sys-kernel/linux-headers )" +" +# faac is license-incompatible with ffmpeg +REQUIRED_USE="bindist? ( encode? ( !faac !aacplus ) !openssl ) + libv4l? ( v4l ) + fftools_cws2fws? ( zlib ) + test? ( encode zlib )" -src_compile() { - local myconf="${EXTRA_ECONF}" +S=${WORKDIR}/${P/_/-} - # enabled by default - use debug || myconf="${myconf} --disable-debug" - use zlib || myconf="${myconf} --disable-zlib" - use sdl || myconf="${myconf} --disable-ffplay" - - if use network; then - use ipv6 - else - myconf="${myconf} --disable-network" +src_prepare() { + if [ "${PV%_p*}" != "${PV}" ] ; then # Snapshot + export revision=git-N-${FFMPEG_REVISION} fi +} - use custom-cflags && myconf="${myconf} --disable-optimizations" +src_configure() { + local myconf="${EXTRA_FFMPEG_CONF}" + # Set to --enable-version3 if (L)GPL-3 is required + local version3="" # enabled by default + for i in debug doc network vaapi vdpau zlib; do + use ${i} || myconf="${myconf} --disable-${i}" + done + use bzip2 || myconf="${myconf} --disable-bzlib" + use sdl || myconf="${myconf} --disable-ffplay" + + use cpudetection && myconf="${myconf} --enable-runtime-cpudetect" + use openssl && myconf="${myconf} --enable-openssl --enable-nonfree" + for i in gnutls ; do + use $i && myconf="${myconf} --enable-$i" + done + + # Encoders if use encode then use mp3 && myconf="${myconf} --enable-libmp3lame" - use vorbis && myconf="${myconf} --enable-libvorbis" - use theora && myconf="${myconf} --enable-libtheora" - use x264 && myconf="${myconf} --enable-libx264" - use xvid && myconf="${myconf} --enable-libxvid" + use aac && { myconf="${myconf} --enable-libvo-aacenc" ; version3=" --enable-version3" ; } + use amr && { myconf="${myconf} --enable-libvo-amrwbenc" ; version3=" --enable-version3" ; } + for i in theora twolame x264 xvid; do + use ${i} && myconf="${myconf} --enable-lib${i}" + done + use aacplus && myconf="${myconf} --enable-libaacplus --enable-nonfree" + use faac && myconf="${myconf} --enable-libfaac --enable-nonfree" else myconf="${myconf} --disable-encoders" fi # libavdevice options - use ieee1394 && myconf="${myconf} --enable-libdc1394" - # Demuxers - for i in v4l v4l2 alsa oss ; do - use $i || myconf="${myconf} --disable-demuxer=$i" + for i in cdio iec61883 ; do + use ${i} && myconf="${myconf} --enable-lib${i}" done - # Muxers - for i in alsa oss ; do - use $i || myconf="${myconf} --disable-muxer=$i" + use ieee1394 && myconf="${myconf} --enable-libdc1394" + use libcaca && myconf="${myconf} --enable-libcaca" + use openal && myconf="${myconf} --enable-openal" + # Indevs + # v4l1 is gone since linux-headers-2.6.38 + myconf="${myconf} --disable-indev=v4l" + use v4l || myconf="${myconf} --disable-indev=v4l2" + for i in alsa oss jack ; do + use ${i} || myconf="${myconf} --disable-indev=${i}" done use X && myconf="${myconf} --enable-x11grab" + use pulseaudio && myconf="${myconf} --enable-libpulse" + use libv4l && myconf="${myconf} --enable-libv4l2" + # Outdevs + for i in alsa oss sdl ; do + use ${i} || myconf="${myconf} --disable-outdev=${i}" + done + # libavfilter options + for i in frei0r fontconfig libass ; do + use ${i} && myconf="${myconf} --enable-${i}" + done + use truetype && myconf="${myconf} --enable-libfreetype" + use flite && myconf="${myconf} --enable-libflite" # Threads; we only support pthread for now but ffmpeg supports more use threads && myconf="${myconf} --enable-pthreads" # Decoders - use dirac && myconf="${myconf} --enable-libdirac" - use schroedinger && myconf="${myconf} --enable-libschroedinger" - use speex && myconf="${myconf} --enable-libspeex" + use amr && { myconf="${myconf} --enable-libopencore-amrwb --enable-libopencore-amrnb" ; version3=" --enable-version3" ; } + for i in bluray celt gsm modplug opus rtmp schroedinger speex vorbis vpx; do + use ${i} && myconf="${myconf} --enable-lib${i}" + done use jpeg2k && myconf="${myconf} --enable-libopenjpeg" - if use gsm; then - myconf="${myconf} --enable-libgsm" - # Crappy detection or our installation is weird, pick one (FIXME) - append-flags -I/usr/include/gsm - fi - if use bindist - then - if use faac; then - ewarn "FAAC is considered nonfree by ffmpeg developers and the resulting" - ewarn "ffmpeg binary can therefore not be freely redistributed." - ewarn "Disabling faac support." - fi - else - use amr && myconf="${myconf} --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-version3 \ - --enable-nonfree" - use faac && myconf="${myconf} --enable-libfaac --enable-nonfree" - fi # CPU features - for i in mmx ssse3 altivec ; do - use $i || myconf="${myconf} --disable-$i" + for i in ${CPU_FEATURES}; do + use ${i%:*} || myconf="${myconf} --disable-${i#*:}" done - use mmxext || myconf="${myconf} --disable-mmx2" - use 3dnow || myconf="${myconf} --disable-amd3dnow" - use 3dnowext || myconf="${myconf} --disable-amd3dnowext" - # disable mmx accelerated code if PIC is required - # as the provided asm decidedly is not PIC. - if gcc-specs-pie ; then - myconf="${myconf} --disable-mmx --disable-mmx2" + if use pic ; then + myconf="${myconf} --enable-pic" + # disable asm code if PIC is required + # as the provided asm decidedly is not PIC for x86. + use x86 && myconf="${myconf} --disable-asm" fi # Try to get cpu type based on CFLAGS. @@ -131,60 +216,83 @@ src_compile() { # If they contain an unknown CPU it will not hurt since ffmpeg's configure # will just ignore it. for i in $(get-flag march) $(get-flag mcpu) $(get-flag mtune) ; do - myconf="${myconf} --cpu=$i" + [ "${i}" = "native" ] && i="host" # bug #273421 + myconf="${myconf} --cpu=${i}" break done # Mandatory configuration - myconf="${myconf} --enable-gpl --enable-postproc \ - --enable-avfilter --enable-avfilter-lavf \ - --disable-stripping" + myconf=" + --enable-gpl + ${version3} + --enable-postproc + --enable-avfilter + --disable-stripping + ${myconf}" # cross compile support - tc-is-cross-compiler && myconf="${myconf} --enable-cross-compile --arch=$(tc-arch-kernel)" + if tc-is-cross-compiler ; then + myconf="${myconf} --enable-cross-compile --arch=$(tc-arch-kernel) --cross-prefix=${CHOST}-" + case ${CHOST} in + *freebsd*) + myconf="${myconf} --target-os=freebsd" + ;; + mingw32*) + myconf="${myconf} --target-os=mingw32" + ;; + *linux*) + myconf="${myconf} --target-os=linux" + ;; + esac + fi + + # avresample support for libav compatibility + use avresample && myconf="${myconf} --enable-avresample" # Misc stuff use hardcoded-tables && myconf="${myconf} --enable-hardcoded-tables" - # Specific workarounds for too-few-registers arch... - if [[ $(tc-arch) == "x86" ]]; then - filter-flags -fforce-addr -momit-leaf-frame-pointer - append-flags -fomit-frame-pointer - is-flag -O? || append-flags -O2 - if (use debug); then - # no need to warn about debug if not using debug flag - ewarn "" - ewarn "Debug information will be almost useless as the frame pointer is omitted." - ewarn "This makes debugging harder, so crashes that has no fixed behavior are" - ewarn "difficult to fix. Please have that in mind." - ewarn "" - fi - fi - cd "${S}" ./configure \ - --prefix=/usr \ - --libdir=/usr/$(get_libdir) \ - --shlibdir=/usr/$(get_libdir) \ - --mandir=/usr/share/man \ - --enable-static --enable-shared \ + --prefix="${EPREFIX}/usr" \ + --libdir="${EPREFIX}/usr/$(get_libdir)" \ + --shlibdir="${EPREFIX}/usr/$(get_libdir)" \ + --mandir="${EPREFIX}/usr/share/man" \ + --enable-shared \ --cc="$(tc-getCC)" \ - ${myconf} || die "configure failed" + --cxx="$(tc-getCXX)" \ + --ar="$(tc-getAR)" \ + --optflags="${CFLAGS}" \ + --extra-cflags="${CFLAGS}" \ + --extra-cxxflags="${CXXFLAGS}" \ + $(use_enable static-libs static) \ + ${myconf} || die +} - emake version.h || die #252269 - emake || die "make failed" +src_compile() { + emake + + for i in ${FFTOOLS} ; do + if use fftools_$i ; then + emake tools/$i + fi + done } src_install() { - emake DESTDIR="${D}" install || die "Install Failed" + emake DESTDIR="${D}" install install-man dodoc Changelog README INSTALL - dodoc doc/* + dodoc -r doc/* + + for i in ${FFTOOLS} ; do + if use fftools_$i ; then + dobin tools/$i + fi + done } -# Never die for now... src_test() { - for t in codectest libavtest seektest ; do - emake ${t} || ewarn "Some tests in ${t} failed" - done + LD_LIBRARY_PATH="${S}/libpostproc:${S}/libswscale:${S}/libswresample:${S}/libavcodec:${S}/libavdevice:${S}/libavfilter:${S}/libavformat:${S}/libavutil" \ + emake fate } diff --git a/net-analyzer/barnyard2/barnyard2-9999.ebuild b/net-analyzer/barnyard2/barnyard2-9999.ebuild new file mode 100644 index 0000000..499ab16 --- /dev/null +++ b/net-analyzer/barnyard2/barnyard2-9999.ebuild @@ -0,0 +1,73 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/barnyard2/barnyard2-1.9.ebuild,v 1.2 2011/04/02 12:54:23 ssuominen Exp $ + +EAPI="2" + +inherit git-2 autotools eutils + + +DESCRIPTION="Parser for Snort unified/unified2 files" +HOMEPAGE="http://www.securixlive.com/barnyard2/" +EGIT_REPO_URI="git://github.com/binf/barnyard2.git" +EGIT_BRANCH="stable" +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~amd64 ~x86" +IUSE="static debug gre mpls mysql odbc postgres" + +DEPEND="net-libs/libpcap + mysql? ( virtual/mysql ) + postgres? ( dev-db/postgresql-server ) + odbc? ( dev-db/unixODBC )" +RDEPEND="${DEPEND}" + +src_prepare() { + sed -i -e "s:^#config interface:config interface:" \ + "${WORKDIR}/${P}/etc/barnyard2.conf" || die + sed -i -e "s:^output alert_fast:#output alert_fast:" \ + "${WORKDIR}/${P}/etc/barnyard2.conf" || die + epatch "${FILESDIR}/makefile.patch" + ./autogen.sh + elibtoolize +} + +src_configure() { + econf \ + $(use_enable !static shared) \ + $(use_enable static) \ + $(use_enable debug) \ + $(use_enable gre) \ + $(use_enable mpls) \ + $(use_with mysql) \ + $(use_with odbc) \ + $(use_with postgres postgresql) \ + --disable-ipv6 \ + --disable-prelude \ + --disable-mysql-ssl-support \ + --disable-aruba \ + --without-tcl \ + --without-oracle || die + + emake || die +} + +src_install () { + make DESTDIR="${D}" install || die + newconfd "${FILESDIR}/barnyard2.confd" barnyard2 || die + newinitd "${FILESDIR}/barnyard2.initd" barnyard2 || die + dodir /etc/barnyard2 \ + /var/log/snort \ + /var/log/snort/archive \ + /var/log/barnyard2 || die + dodoc RELEASE.NOTES \ + etc/barnyard2.conf \ + doc/README* \ + schemas/create_* || die +} + +pkg_postinst() { + elog "Configuration options can be set in /etc/conf.d/barnyard2." + elog + elog "An example configuration file can be found in /usr/share/doc/${PF}." +} diff --git a/net-analyzer/barnyard2/files/barnyard2.confd b/net-analyzer/barnyard2/files/barnyard2.confd new file mode 100644 index 0000000..d114f82 --- /dev/null +++ b/net-analyzer/barnyard2/files/barnyard2.confd @@ -0,0 +1,36 @@ +# Config file for /etc/init.d/barnyard2 + +# This file only contains variables needed by the init.d script. +# All other configuration options are located in the barnyard2.conf file + +# This should be the first part of the unified/unified2 log file name (without the time stamp) +# Ex. If you log files look like this 'snort.unified2.1239801645' then you would use 'snort.unified2' +SPOOL_FILE="snort.unified2" + +# Location of your unified/unified2 log files +SPOOL_DIR="/var/log/snort" + +# Directory to log to +LOG_DIR="/var/log/barnyard2" + +# This MUST match what you set for "config interface:" in your barnyard2.conf +# If you do not set this correctly then Barnyard2 will not stop when you do a +# "/etc/init.d/barnyard2 stop" +INTERFACE="eth0" + +# You probably don't want to change this, but in case you do +PID_FILE="barnyard2_${INTERFACE}.pid" +PID_PATH="/var/run" + +# The waldo file is located in the SPOOL_DIR to support multipule instances of barnyard2 +WALDO_FILE="${SPOOL_DIR}/barnyard2.waldo" +CONF="/etc/barnyard2/barnyard2.conf" + +# Location of the archive directory if you choose to use it. +# The ARCHIVE_DIR is located in the SPOOL_DIR to support multipule instances of barnyard2 +#ARCHIVE_DIR="${SPOOL_DIR}/archive" + +# This pulls in the options above +BARNYARD_OPTS="-D -c ${CONF} -d ${SPOOL_DIR} -w ${WALDO_FILE} -f ${SPOOL_FILE} -l ${LOG_DIR}" +# Or with an archive directory +#BARNYARD_OPTS="-D -c ${CONF} -d ${SPOOL_DIR} -w ${WALDO_FILE} -f ${LOG_FILE} -l ${LOG_DIR} -a ${ARCHIVE_DIR}" diff --git a/net-analyzer/barnyard2/files/barnyard2.initd b/net-analyzer/barnyard2/files/barnyard2.initd new file mode 100644 index 0000000..4d0a338 --- /dev/null +++ b/net-analyzer/barnyard2/files/barnyard2.initd @@ -0,0 +1,30 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/barnyard2/files/barnyard2.initd,v 1.1 2010/03/16 21:25:54 patrick Exp $ + +depend() { + need net +} + +checkconfig() { + if [ ! -e ${CONF} ] ; then + eerror "You need a configuration file to run barnyard2" + eerror "There is an example config in /etc/snort/barnyard2.conf.distrib" + return 1 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting barnyard2" + start-stop-daemon --start --quiet --exec /usr/bin/barnyard2 \ + -- --pid-path ${PID_PATH} --nolock-pidfile ${BARNYARD_OPTS} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping barnyard2" + start-stop-daemon --stop --quiet --pidfile ${PID_PATH}/${PID_FILE} + eend $? +} diff --git a/net-analyzer/barnyard2/files/makefile.patch b/net-analyzer/barnyard2/files/makefile.patch new file mode 100644 index 0000000..ce04a25 --- /dev/null +++ b/net-analyzer/barnyard2/files/makefile.patch @@ -0,0 +1,9 @@ +diff -Naur work/barnyard2-9999/etc/Makefile.am work2/barnyard2-9999/etc/Makefile.am +--- work/barnyard2-9999/etc/Makefile.am 2012-09-11 18:07:05.924046621 +0300 ++++ work2/barnyard2-9999/etc/Makefile.am 2012-09-11 18:08:23.547382989 +0300 +@@ -4,4 +4,4 @@ + EXTRA_DIST = barnyard2.conf + + install-data-am: +- test -e $(sysconfdir)/barnyard2.conf || install -m 600 $(top_srcdir)/etc/barnyard2.conf $(sysconfdir) ++ echo "removed" diff --git a/net-analyzer/snort/files b/net-analyzer/snort/files deleted file mode 120000 index 08a3202..0000000 --- a/net-analyzer/snort/files +++ /dev/null @@ -1 +0,0 @@ -/usr/portage/net-analyzer/snort/files
\ No newline at end of file diff --git a/net-analyzer/snort/snort-2.8.3.1.ebuild b/net-analyzer/snort/snort-2.8.3.1.ebuild deleted file mode 100644 index f95c047..0000000 --- a/net-analyzer/snort/snort-2.8.3.1.ebuild +++ /dev/null @@ -1,169 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -WANT_AUTOCONF="latest" -WANT_AUTOMAKE="latest" -AT_M4DIR=m4 - -inherit eutils autotools - -DESCRIPTION="Libpcap-based packet sniffer/logger/lightweight IDS" -HOMEPAGE="http://www.snort.org/" -SRC_URI="http://www.snort.org/dl/snort-2.8.3.1.tar.gz - http://www.snort.org/pub-bin/downloads.cgi/Download/comm_rules/Community-Rules-2.4.tar.gz - http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz" -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 -sparc ~x86" -IUSE="postgres mysql selinux odbc prelude inline dynamicplugin timestats perfprofiling linux-smp-stats flexresp2 sguil gre" - -DEPEND="virtual/libc - >=dev-libs/libpcre-4.2-r1 - virtual/libpcap - flexresp2? ( dev-libs/libdnet ) - react? ( ~net-libs/libnet-1.0.2a ) - postgres? ( || ( dev-db/postgresql dev-db/libpq ) ) - mysql? ( virtual/mysql ) - prelude? ( >=dev-libs/libprelude-0.9.0 ) - odbc? ( dev-db/unixODBC ) - >=sys-devel/libtool-1.4 - inline? ( - ~net-libs/libnet-1.0.2a - net-firewall/iptables - )" - -RDEPEND="${DEPEND} - dev-lang/perl - selinux? ( sec-policy/selinux-snort )" - -pkg_setup() { - enewgroup snort - enewuser snort -1 -1 /dev/null snort - - if use flexresp && use flexresp2 ; then - ewarn - ewarn "You have both the 'flexresp' and 'flexresp2' USE" - ewarn "flags set. You can use 'flexresp' or 'flexresp2'" - ewarn "but not both." - ewarn - ewarn "Defaulting to flexresp2..." - fi -} - -src_unpack() { - unpack ${A} - cd "${S}" - - epatch "${FILESDIR}/${PN}-2.6.1.2-libdir.patch" - epatch "${FILESDIR}/${PN}-2.8.2-libnet.patch" - sed -i "s:var RULE_PATH ../rules:var RULE_PATH /etc/snort/rules:" \ - etc/snort.conf - - if use prelude ; then - sed -i -e "s:AC_PROG_RANLIB:AC_PROG_LIBTOOL:" configure.in - fi - - einfo "Regenerating autoconf/automake files" - eautoreconf -} - -src_compile() { - local myconf - - if use flexresp2; then - myconf="${myconf} --enable-flexresp2" - elif use flexresp; then - myconf="${myconf} --enable-flexresp" - fi - - if use react && ! use flexresp; then - myconf="${myconf} --enable-react" - fi - - use gre && myconf="${myconf} --enable-gre" - - myconf="${myconf} --with-libipq-includes=/usr/include/libipq" - - econf \ - --without-oracle \ - $(use_with postgres postgresql) \ - $(use_with mysql) \ - $(use_with odbc) \ - $(use_enable prelude) \ - $(use_enable inline) \ - $(use_enable dynamicplugin) \ - $(use_enable timestats) \ - $(use_enable perfprofiling) \ - $(use_enable linux-smp-stats) \ - ${myconf} || die "econf failed" - - # limit to single as reported by jforman on irc - emake -j1 || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "make install failed" - - keepdir /var/log/snort/ - - dodoc doc/* - dodoc ./RELEASE.NOTES - docinto schemas ; dodoc schemas/* - - insinto /etc/snort - doins etc/reference.config etc/classification.config \ - etc/*.map etc/threshold.conf - use dynamicplugin || sed -i -e 's:^dynamic:# dynamic:g' etc/snort.conf - sed -e "s:/usr/local/lib:/usr/$(get_libdir):g" -e 's:/usr/local/:/usr/:g' \ - etc/snort.conf > "${D}"/etc/snort/snort.conf.distrib - - newinitd "${FILESDIR}/snort.rc8" snort - newconfd "${FILESDIR}/snort.confd" snort - - fowners snort:snort /var/log/snort - fperms 0770 /var/log/snort - - # install rules - insinto /etc/snort/rules - doins -r "${WORKDIR}"/rules/* -} - -pkg_postinst() { - ewarn - ewarn "If you find that snort is using too much memory, your system" - ewarn "freezes, or snort crashes after a few minutes try adding the" - ewarn "following to your snort.conf..." - ewarn - ewarn "'config detection: search-method ac-sparsebands'" - ewarn - ewarn "This will provide high pattern matching performance at a much" - ewarn "lower cost to memory. For more information on the new features" - ewarn "in snort 2.7, please take a look at the release notes located in..." - ewarn - ewarn " /usr/share/doc/${PF}/RELEASE.NOTES.bz2" - ewarn - elog "To use a database as a backend for snort you will have to" - elog "import the correct tables to the database." - elog "You will have to setup a database called snort before doing the" - elog "following..." - elog - elog " MySQL: bzcat /usr/share/doc/${PF}/schemas/create_mysql.bz2 | mysql -p snort" - elog - elog " PostgreSQL: import /usr/share/doc/${PF}/schemas/create_postgresql.bz2" - elog - elog " ODBC: look at /usr/share/doc/${PF}/schemas/" - elog - elog "Users using the unified output plugin and barnyard do not need to" - elog "compile database support into snort, but still need to set up their" - elog "database as shown above." - elog - ewarn "Only a basic set of rules was installed." - ewarn "Please add your other sets of rules to /etc/snort/rules." - ewarn "For more information on rules, visit ${HOMEPAGE}." - if use sguil ; then - elog "SGUIL needs to catch up with recent snort. If you plan on using SGUIL" - elog "you should unmerge ${P} and emerge snort-2.4.x" - fi -} - diff --git a/net-analyzer/snort/snort/files/disabledynamic.patch b/net-analyzer/snort/snort/files/disabledynamic.patch new file mode 100644 index 0000000..d1ace23 --- /dev/null +++ b/net-analyzer/snort/snort/files/disabledynamic.patch @@ -0,0 +1,110 @@ +? cflags.out +? cppflags.out +? cscope.out +? disabledynamic.patch +? http.patch +? log +? make.out +? rules.work +? snort-build.sh +? snort.pc +? ylwrap +? etc/snort.conf.work +? src/dynamic-preprocessors/rzb_saac/Makefile +? tools/u2boat/u2boat +? tools/u2spewfoo/u2spewfoo +Index: src/fpcreate.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v +retrieving revision 1.107.2.2 +diff -u -p -r1.107.2.2 fpcreate.c +--- src/fpcreate.c 11 Jan 2011 22:54:40 -0000 1.107.2.2 ++++ src/fpcreate.c 17 Feb 2011 20:06:49 -0000 +@@ -70,6 +70,8 @@ + #include "dynamic-plugins/sp_preprocopt.h" + #endif + ++#include "dynamic-plugins/sf_dynamic_define.h" ++ + + /* + * Content flag values +@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP + fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp); + #endif + ++#ifdef DYNAMIC_PLUGIN + /* No content added */ + if (pmd == preproc_opt_pmds) + FreePmdList(pmd); ++#endif + + if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0) + return -1; +Index: src/dynamic-plugins/sf_dynamic_define.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v +retrieving revision 1.15.4.1 +diff -u -p -r1.15.4.1 sf_dynamic_define.h +--- src/dynamic-plugins/sf_dynamic_define.h 3 Jan 2011 19:58:05 -0000 1.15.4.1 ++++ src/dynamic-plugins/sf_dynamic_define.h 17 Feb 2011 20:06:49 -0000 +@@ -96,5 +96,15 @@ typedef enum { + #endif + #endif + ++/* Parameters are rule info pointer, int to indicate URI or NORM, ++ * and list pointer */ ++#define CONTENT_NORMAL 0x01 ++#define CONTENT_HTTP_URI 0x02 ++#define CONTENT_HTTP_HEADER 0x04 ++#define CONTENT_HTTP_CLIENT_BODY 0x08 ++#define CONTENT_HTTP_METHOD 0x10 ++#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ ++ CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) ++ + #endif /* _SF_DYNAMIC_DEFINE_H_ */ + +Index: src/dynamic-plugins/sf_dynamic_engine.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v +retrieving revision 1.54.2.1 +diff -u -p -r1.54.2.1 sf_dynamic_engine.h +--- src/dynamic-plugins/sf_dynamic_engine.h 3 Jan 2011 19:58:06 -0000 1.54.2.1 ++++ src/dynamic-plugins/sf_dynamic_engine.h 17 Feb 2011 20:06:49 -0000 +@@ -77,15 +77,6 @@ typedef struct _FPContentInfo + + } FPContentInfo; + +-/* Parameters are rule info pointer, int to indicate URI or NORM, +- * and list pointer */ +-#define CONTENT_NORMAL 0x01 +-#define CONTENT_HTTP_URI 0x02 +-#define CONTENT_HTTP_HEADER 0x04 +-#define CONTENT_HTTP_CLIENT_BODY 0x08 +-#define CONTENT_HTTP_METHOD 0x10 +-#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ +- CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) + typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **); + typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **); + typedef void (*RuleFreeFunc)(void *); +Index: src/preprocessors/Stream5/snort_stream5_tcp.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v +retrieving revision 1.296.2.5 +diff -u -p -r1.296.2.5 snort_stream5_tcp.c +--- src/preprocessors/Stream5/snort_stream5_tcp.c 7 Jan 2011 20:06:05 -0000 1.296.2.5 ++++ src/preprocessors/Stream5/snort_stream5_tcp.c 17 Feb 2011 20:06:49 -0000 +@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void) + RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit, + &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup, + NULL, NULL, NULL, NULL); +-#endif + + #ifdef PERF_PROFILING + RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats); + RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats); + #endif ++#endif + + } + diff --git a/net-analyzer/snort/snort/files/snort.confd b/net-analyzer/snort/snort/files/snort.confd new file mode 100644 index 0000000..c429ca6 --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.confd @@ -0,0 +1,17 @@ +# Config file for /etc/init.d/snort + +# This tell snort which interface to listen on (any for every interface) +IFACE="eth1" + +# You do NOT want to change this +PIDPATH="/var/run/snort" +PIDFILE="snort_$IFACE.pid" + +# You probably don't want to change this, but in case you do +LOGDIR="/var/log/snort" + +# Probably not this either +CONF="/etc/snort/snort.conf" + +# This pulls in the options above +SNORT_OPTS="-D -u snort -i $IFACE -l $LOGDIR -c $CONF" diff --git a/net-analyzer/snort/snort/files/snort.confd.2 b/net-analyzer/snort/snort/files/snort.confd.2 new file mode 100644 index 0000000..780c910 --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.confd.2 @@ -0,0 +1,16 @@ +# Config file for /etc/init.d/snort + +# The following options are now set in your snort.conf file: +# config set_gid: +# config set_uid: +# config snaplen: +# config bpf_file: +# config logdir: + +# The only options that should be set here are SNORT_IFACE and SNORT_CONF. + +# This tell snort which interface to listen on (any for every interface) +SNORT_IFACE="eth1" + +# Probably not this either +SNORT_CONF="/etc/snort/snort.conf" diff --git a/net-analyzer/snort/snort/files/snort.rc10 b/net-analyzer/snort/snort/files/snort.rc10 new file mode 100644 index 0000000..fa88cbd --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.rc10 @@ -0,0 +1,50 @@ +#!/sbin/runscript +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc10,v 1.1 2010/11/02 18:22:10 patrick Exp $ + +opts="checkconfig reload" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -e $CONF ] ; then + eerror "You need a configuration file to run snort" + eerror "There is an example config in /etc/snort/snort.conf.distrib" + return 1 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting snort" + start-stop-daemon --start --quiet --exec /usr/bin/snort \ + -- --nolock-pidfile --pid-path ${PIDPATH} ${SNORT_OPTS} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping snort" + start-stop-daemon --stop --quiet --pidfile ${PIDPATH}/${PIDFILE} + # Snort needs a few seconds to fully shutdown + sleep 15 + eend $? +} + +reload() { + if [ ! -f ${PIDPATH}/${PIDFILE} ]; then + eerror "Snort isn't running" + return 1 + fi + + checkconfig || return 1 + ebegin "Reloading Snort" + start-stop-daemon --stop --oknodo --signal HUP --pidfile ${PIDPATH}/${PIDFILE} + eend $? +} + + diff --git a/net-analyzer/snort/snort/files/snort.rc11 b/net-analyzer/snort/snort/files/snort.rc11 new file mode 100644 index 0000000..8277575 --- /dev/null +++ b/net-analyzer/snort/snort/files/snort.rc11 @@ -0,0 +1,57 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/files/snort.rc11,v 1.1 2011/09/22 17:39:51 patrick Exp $ + +opts="checkconfig reload" + +depend() { + need net + after mysql + after postgresql +} + +checkconfig() { + if [ ! -e ${SNORT_CONF} ] ; then + eerror "You need a configuration file to run snort" + eerror "There is an example config in /etc/snort/snort.conf.distrib" + return 1 + fi +} + +start() { + checkconfig || return 1 + ebegin "Starting snort" + start-stop-daemon --start --quiet --exec /usr/bin/snort \ + -- --nolock-pidfile --pid-path /var/run/snort -D -i ${SNORT_IFACE} \ + -c ${SNORT_CONF} >/dev/null 2>&1 + eend $? +} + +stop() { + ebegin "Stopping snort" + start-stop-daemon --stop --quiet --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid + # Snort needs a few seconds to fully shutdown + sleep 15 + eend $? +} + +reload() { + + local SNORT_PID="`cat /var/run/snort/snort_${SNORT_IFACE}.pid`" + local SNORT_USER="`ps -p ${SNORT_PID} --no-headers -o user`" + + if [ ! -f /var/run/snort/snort_${SNORT_IFACE}.pid ]; then + eerror "Snort isn't running" + return 1 + elif [ ${SNORT_USER} != root ]; then + eerror "Snort must be running as root for reload to work!" + return 1 + else + checkconfig || return 1 + ebegin "Reloading Snort" + start-stop-daemon --signal HUP --pidfile /var/run/snort/snort_${SNORT_IFACE}.pid + fi +} + + diff --git a/net-analyzer/snort/snort/snort-2.9.3.1.ebuild b/net-analyzer/snort/snort/snort-2.9.3.1.ebuild new file mode 100644 index 0000000..35a2583 --- /dev/null +++ b/net-analyzer/snort/snort/snort-2.9.3.1.ebuild @@ -0,0 +1,264 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snort/snort-2.9.2.3.ebuild,v 1.4 2012/06/27 18:18:52 maekke Exp $ + +EAPI="2" +inherit autotools multilib user + +DESCRIPTION="The de facto standard for intrusion detection/prevention" +HOMEPAGE="http://www.snort.org/" +SRC_URI="http://www.snort.org/dl/snort-current/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86" +IUSE="static +dynamicplugin +zlib +gre +mpls +targetbased +decoder-preprocessor-rules ++ppm +perfprofiling linux-smp-stats inline-init-failopen +threads debug +active-response ++normalizer reload-error-restart +react +flexresp3 +paf large-pcap-64bit +aruba mysql odbc postgres selinux" + +DEPEND=">=net-libs/libpcap-1.0.0 + >=net-libs/daq-0.6 + >=dev-libs/libpcre-6.0 + dev-libs/libdnet + postgres? ( dev-db/postgresql-base ) + mysql? ( virtual/mysql ) + odbc? ( dev-db/unixODBC ) + zlib? ( sys-libs/zlib )" + +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-snort )" + +pkg_setup() { + + if use zlib && ! use dynamicplugin; then + eerror "You have enabled the 'zlib' USE flag but not the 'dynamicplugin' USE flag." + eerror "'zlib' requires 'dynamicplugin' be enabled." + die + fi + + # pre_inst() is a better place to put this + # but we need it here for the 'fowners' statements in src_install() + enewgroup snort + enewuser snort -1 -1 /dev/null snort + +} + +src_prepare() { + + #Multilib fix for the sf_engine + einfo "Applying multilib fix." + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-plugins/sf_engine/Makefile.am" \ + || die "sed for sf_engine failed" + + #Multilib fix for the curent set of dynamic-preprocessors + for i in ftptelnet smtp ssh dns ssl dcerpc2 sdf imap pop rzb_saac sip reputation gtp modbus dnp3; do + sed -i -e 's|${exec_prefix}/lib|${exec_prefix}/'$(get_libdir)'|g' \ + "${WORKDIR}/${P}/src/dynamic-preprocessors/$i/Makefile.am" \ + || die "sed for $i failed." + done + + AT_M4DIR=m4 eautoreconf +} + +src_configure() { + + econf \ + $(use_enable !static shared) \ + $(use_enable static) \ + $(use_enable static so-with-static-lib) \ + $(use_enable dynamicplugin) \ + $(use_enable zlib) \ + $(use_enable gre) \ + $(use_enable mpls) \ + $(use_enable targetbased) \ + $(use_enable decoder-preprocessor-rules) \ + $(use_enable ppm) \ + $(use_enable perfprofiling) \ + $(use_enable linux-smp-stats) \ + $(use_enable inline-init-failopen) \ + $(use_enable threads pthread) \ + $(use_enable debug) \ + $(use_enable debug debug-msgs) \ + $(use_enable debug corefiles) \ + $(use_enable !debug dlclose) \ + $(use_enable active-response) \ + $(use_enable normalizer) \ + $(use_enable reload-error-restart) \ + $(use_enable react) \ + $(use_enable flexresp3) \ + $(use_enable paf) \ + $(use_enable large-pcap-64bit large-pcap) \ + $(use_enable aruba) \ + $(use_with mysql) \ + $(use_with odbc) \ + $(use_with postgres postgresql) \ + --enable-ipv6 \ + --enable-reload \ + --disable-prelude \ + --disable-build-dynamic-examples \ + --disable-profile \ + --disable-ppm-test \ + --disable-intel-soft-cpm \ + --disable-static-daq \ + --disable-rzb-saac \ + --without-oracle +} + +src_install() { + + emake DESTDIR="${D}" install || die "emake failed" + + dodir /var/log/snort \ + /var/run/snort \ + /etc/snort/rules \ + /etc/snort/so_rules \ + /usr/$(get_libdir)/snort_dynamicrules \ + || die "Failed to create core directories" + + # config.log and build.log are needed by Sourcefire + # to trouble shoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + dodoc RELEASE.NOTES ChangeLog \ + doc/* \ + tools/u2boat/README.u2boat \ + || die "Failed to install snort docs" + + insinto /etc/snort + doins etc/attribute_table.dtd \ + etc/classification.config \ + etc/gen-msg.map \ + etc/reference.config \ + etc/threshold.conf \ + etc/unicode.map || die "Failed to install docs in etc" + + # We use snort.conf.distrib because the config file is complicated + # and the one shipped with snort can change drastically between versions. + # Users should migrate setting by hand and not with etc-update. + newins etc/snort.conf snort.conf.distrib \ + || die "Failed to add snort.conf.distrib" + + # config.log and build.log are needed by Sourcefire + # to troubleshoot build problems and bug reports so we are + # perserving them incase the user needs upstream support. + # 'die' was intentionally not added here. + if [ -f "${WORKDIR}/${PF}/config.log" ]; then + dodoc "${WORKDIR}/${PF}/config.log" + fi + if [ -f "${T}/build.log" ]; then + dodoc "${T}/build.log" + fi + + insinto /etc/snort/preproc_rules + doins preproc_rules/decoder.rules \ + preproc_rules/preprocessor.rules \ + preproc_rules/sensitive-data.rules || die "Failed to install preproc rule files" + + fowners -R snort:snort \ + /var/log/snort \ + /var/run/snort \ + /etc/snort || die + + newinitd "${FILESDIR}/snort.rc11" snort || die "Failed to install snort init script" + newconfd "${FILESDIR}/snort.confd.2" snort || die "Failed to install snort confd file" + + # Sourcefire uses Makefiles to install docs causing Bug #297190. + # This removes the unwanted doc directory and rogue Makefiles. + rm -rf "${D}"usr/share/doc/snort || die "Failed to remove SF doc directories" + rm "${D}"usr/share/doc/"${PF}"/Makefile* || die "Failed to remove doc make files" + + #Remove unneeded .la files (Bug #382863) + rm "${D}"usr/$(get_libdir)/snort_dynamicengine/libsf_engine.la || die + rm "${D}"usr/$(get_libdir)/snort_dynamicpreprocessor/libsf_*_preproc.la || die "Failed to remove libsf_?_preproc.la" + + # Set the correct lib path for dynamicengine, dynamicpreprocessor, and dynamicdetection + sed -i -e 's|/usr/local/lib|/usr/'$(get_libdir)'|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct rule location in the config + sed -i -e 's|RULE_PATH ../rules|RULE_PATH /etc/snort/rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct preprocessor/decoder rule location in the config + sed -i -e 's|PREPROC_RULE_PATH ../preproc_rules|PREPROC_RULE_PATH /etc/snort/preproc_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Enable the preprocessor/decoder rules + sed -i -e 's|^# include $PREPROC_RULE_PATH|include $PREPROC_RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^# dynamicdetection directory|dynamicdetection directory|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Just some clean up of trailing /'s in the config + sed -i -e 's|snort_dynamicpreprocessor/$|snort_dynamicpreprocessor|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Make it clear in the config where these are... + sed -i -e 's|^include classification.config|include /etc/snort/classification.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + sed -i -e 's|^include reference.config|include /etc/snort/reference.config|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable all rule files by default. + sed -i -e 's|^include $RULE_PATH|# include $RULE_PATH|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Disable normalizer preprocessor config if normalizer USE flag not set. + if ! use normalizer; then + sed -i -e 's|^preprocessor normalize|#preprocessor normalize|g' \ + "${D}etc/snort/snort.conf.distrib" || die + fi + + # Set the configured DAQ to afpacket + sed -i -e 's|^# config daq: <type>|config daq: afpacket|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the location of the DAQ modules + sed -i -e 's|^# config daq_dir: <dir>|config daq_dir: /usr/'$(get_libdir)'/daq|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the DAQ mode to passive + sed -i -e 's|^# config daq_mode: <mode>|config daq_mode: passive|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set snort to run as snort:snort + sed -i -e 's|^# config set_gid:|config set_gid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + sed -i -e 's|^# config set_uid:|config set_uid: snort|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the default log dir + sed -i -e 's|^# config logdir:|config logdir: /var/log/snort/|g' \ + "${D}etc/snort/snort.conf.distrib" || die + + # Set the correct so_rule location in the config + sed -i -e 's|SO_RULE_PATH ../so_rules|SO_RULE_PATH /etc/snort/so_rules|g' \ + "${D}etc/snort/snort.conf.distrib" || die +} + +pkg_postinst() { + + einfo "There have been a number of improvements and new features" + einfo "added to ${P}. Please review the RELEASE.NOTES and" + einfo "ChangLog located in /usr/share/doc/${PF}." + einfo + elog "The Sourcefire Vulnerability Research Team (VRT) recommends that" + elog "users migrate their snort.conf customizations to the latest config" + elog "file released by the VRT. You can find the latest version of the" + elog "Snort config file in /etc/snort/snort.conf.distrib." + elog + elog "!! It is important that you migrate to this new snort.conf file !!" + elog + elog "This version of the ebuild includes an updated init.d file and" + elog "conf.d file that rely on options found in the latest Snort" + elog "config file provided by the VRT." + + if use debug; then + elog "You have the 'debug' USE flag enabled. If this has been done to" + elog "troubleshoot an issue by producing a core dump or a back trace," + elog "then you need to also ensure the FEATURES variable in make.conf" + elog "contains the 'nostrip' option." + fi +} diff --git a/net-libs/daq/daq-1.1.1.ebuild b/net-libs/daq/daq-1.1.1.ebuild new file mode 100644 index 0000000..37b8338 --- /dev/null +++ b/net-libs/daq/daq-1.1.1.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-libs/daq/daq-0.6.2.ebuild,v 1.6 2012/07/18 19:45:36 jer Exp $ + +EAPI="2" + +inherit eutils multilib + +DESCRIPTION="Data Acquisition library, for packet I/O" +HOMEPAGE="http://www.snort.org/" +SRC_URI="" +RESTRICT="fetch" +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="amd64 ~arm ~mips ~ppc x86" +IUSE="ipv6 +afpacket +dump +pcap nfq ipq static-libs" + +DEPEND="pcap? ( >=net-libs/libpcap-1.0.0 ) + dump? ( >=net-libs/libpcap-1.0.0 ) + nfq? ( dev-libs/libdnet + >=net-firewall/iptables-1.4.10 + net-libs/libnetfilter_queue ) + ipq? ( dev-libs/libdnet + >=net-firewall/iptables-1.4.10 + net-libs/libnetfilter_queue )" + +RDEPEND="${DEPEND}" + +src_configure() { + econf \ + $(use_enable ipv6) \ + $(use_enable pcap pcap-module) \ + $(use_enable afpacket afpacket-module) \ + $(use_enable dump dump-module) \ + $(use_enable nfq nfq-module) \ + $(use_enable ipq ipq-module) \ + $(use_enable static-libs static) \ + --disable-ipfw-module \ + --disable-bundled-modules +} + +src_install() { + emake DESTDIR="${D}" install || die "make install failed" + dodoc ChangeLog README + + # Remove unneeded .la files + for x in pcap afpacket dump nfq ipq; do + rm "${D}"usr/lib64/daq/daq_${x}.la + done + for y in libdaq libdaq_static libdaq_static_modules libsfbpf; do + rm "${D}"usr/lib64/${y}.la + done + + # If not using static-libs don't install the static libraries + # This has been bugged upstream + if ! use static-libs; then + for z in libdaq_static libdaq_static_modules; do + rm "${D}"usr/lib64/${z}.a + done + fi +} + +pkg_postinst() { + einfo "The Data Acquisition library (DAQ) for packet I/O replaces direct" + einfo "calls to PCAP functions with an abstraction layer that facilitates" + einfo "operation on a variety of hardware and software interfaces without" + einfo "requiring changes to application such as Snort." + einfo + einfo "Please see the README file for DAQ for information about specific" + einfo "DAQ modules." +} |