summaryrefslogtreecommitdiff
path: root/security/suricata/Makefile
blob: 3ca2ff7e43783a9c8d06b5e84385d2a3526ebcc1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
PORTNAME=	suricata
DISTVERSION=	6.0.11
CATEGORIES=	security
MASTER_SITES=	https://www.openinfosecfoundation.org/download/

MAINTAINER=	franco@opnsense.org
COMMENT=	High Performance Network IDS, IPS and Security Monitoring engine
WWW=		https://suricata-ids.org

LICENSE=	GPLv2
LICENSE_FILE=	${WRKSRC}/LICENSE

BUILD_DEPENDS=	rustc:lang/${RUST_DEFAULT}
LIB_DEPENDS=	libjansson.so:devel/jansson \
		liblz4.so:archivers/liblz4 \
		libnet.so:net/libnet \
		libpcre.so:devel/pcre \
		libyaml.so:textproc/libyaml

USES=		autoreconf cpe gmake iconv:translit libtool localbase pathfix \
		pkgconfig shebangfix
SHEBANG_FILES=	python/suricata/sc/suricatasc.py

CPE_VENDOR=	openinfosecfoundation

USE_LDCONFIG=	yes
USE_RC_SUBR=	${PORTNAME}

GNU_CONFIGURE=		yes
CONFIGURE_ARGS+=	--disable-gccmarch-native \
			--enable-bundled-htp \
			--enable-gccprotect
MAKE_ENV=		RUSTFLAGS="${RUSTFLAGS} -C linker=${CC:Q} ${LDFLAGS:C/.+/-C link-arg=&/}"

INSTALL_TARGET=	install-strip
TEST_TARGET=	check

CONFLICTS_INSTALL=	libhtp

SUB_FILES=	pkg-message

OPTIONS_DEFINE=		GEOIP IPFW NETMAP NSS PORTS_PCAP PRELUDE PYTHON REDIS \
			TESTS
OPTIONS_DEFINE_amd64=	HYPERSCAN
OPTIONS_DEFAULT=	IPFW NETMAP PYTHON

OPTIONS_RADIO=		SCRIPTS
OPTIONS_RADIO_SCRIPTS=	LUA LUAJIT

OPTIONS_SUB=	yes

PRELUDE_BROKEN=	Compilation broken, see https://redmine.openinfosecfoundation.org/issues/4065

GEOIP_DESC=		GeoIP support
HYPERSCAN_DESC=		Hyperscan support
IPFW_DESC=		IPFW and IP Divert support for inline IDP
LUAJIT_DESC=		LuaJIT scripting support
LUA_DESC=		LUA scripting support
NETMAP_DESC=		Netmap support for inline IDP
NSS_DESC=		File checksums and SSL/TLS fingerprinting
PORTS_PCAP_DESC=	Use libpcap from ports
PRELUDE_DESC=		Prelude support for NIDS alerts
PYTHON_DESC=		Python-based update and control utilities
REDIS_DESC=		Redis output support
SCRIPTS_DESC=		Scripting
TESTS_DESC=		Unit tests in suricata binary

GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
GEOIP_CONFIGURE_ON=	--enable-geoip

HYPERSCAN_LIB_DEPENDS=	libhs.so:devel/hyperscan

IPFW_CONFIGURE_ON=	--enable-ipfw

LUAJIT_USES=		luajit
LUAJIT_CONFIGURE_ON=	--enable-luajit

LUA_USES=		lua:51
LUA_CONFIGURE_ON=	--enable-lua

NETMAP_CONFIGURE_ENABLE=	netmap # netmap-v14

NSS_LIB_DEPENDS=	libnspr4.so:devel/nspr \
			libnss3.so:security/nss
NSS_CONFIGURE_OFF=	--disable-nspr \
			--disable-nss

PORTS_PCAP_LIB_DEPENDS=	libpcap.so.1:net/libpcap

PRELUDE_LIB_DEPENDS=		libgcrypt.so:security/libgcrypt \
				libgnutls.so:security/gnutls \
				libgpg-error.so:security/libgpg-error \
				libltdl.so:devel/libltdl \
				libprelude.so:security/libprelude
PRELUDE_CONFIGURE_ON=		--with-libprelude-prefix=${LOCALBASE}
PRELUDE_CONFIGURE_ENABLE=	prelude

PYTHON_BUILD_DEPENDS=		${PYTHON_RUN_DEPENDS}
PYTHON_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
PYTHON_USES=			python
PYTHON_CONFIGURE_ENABLE=	python

REDIS_LIB_DEPENDS=	libevent_pthreads.so:devel/libevent \
			libhiredis.so:databases/hiredis
REDIS_CONFIGURE_ON=	--enable-hiredis
TESTS_CONFIGURE_ENABLE=	unittests

pre-patch:
	@${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4

post-patch:
# Disable vendor checksums
	@${REINPLACE_CMD} 's,"files":{[^}]*},"files":{},' \
		${WRKSRC}/rust/vendor/*/.cargo-checksum.json

post-patch-PYTHON-on:
	@${REINPLACE_CMD} -e "/AC_PATH_PROGS.*HAVE_PYTHON/ s/python[^,]*,/${PYTHON_VERSION},/g" \
		${WRKSRC}/configure.ac

post-install:
	@${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}/var/log/suricata
.for f in classification.config reference.config
	@${MV} ${STAGEDIR}${DATADIR}/${f} ${STAGEDIR}${ETCDIR}/${f}.sample
.endfor
.for f in suricata.yaml threshold.config
	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${ETCDIR}/${f}.sample
.endfor

post-install-PYTHON-on:
	(cd ${STAGEDIR}${PREFIX} \
	&& ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \
	-d /usr/local/lib/suricata/python -f lib/suricata/python)
.for f in disable.conf drop.conf enable.conf modify.conf threshold.in update.yaml
	${INSTALL_DATA} ${WRKSRC}/suricata-update/suricata/update/configs/${f} \
	${STAGEDIR}${PREFIX}/lib/suricata/python/suricata/update/configs
.endfor

.include <bsd.port.mk>