path: root/security/suricata/Makefile

PORTNAME=	suricata
DISTVERSION=	6.0.3
PORTREVISION=	3
CATEGORIES=	security
MASTER_SITES=	https://www.openinfosecfoundation.org/download/

MAINTAINER=	franco@opnsense.org
COMMENT=	High Performance Network IDS, IPS and Security Monitoring engine

LICENSE=	GPLv2
LICENSE_FILE=	${WRKSRC}/LICENSE

BUILD_DEPENDS=	rustc:lang/${RUST_DEFAULT}
LIB_DEPENDS=	libjansson.so:devel/jansson \
		libpcre.so:devel/pcre \
		libnet.so:net/libnet \
		liblz4.so:archivers/liblz4 \
		libyaml.so:textproc/libyaml

USES=		autoreconf cpe gmake iconv:translit libtool localbase \
		pathfix pkgconfig

CPE_VENDOR=	openinfosecfoundation

USE_LDCONFIG=	yes
USE_RC_SUBR=	${PORTNAME}

GNU_CONFIGURE=	yes
CONFIGURE_ARGS+=--enable-gccprotect \
		--enable-bundled-htp \
	        --disable-gccmarch-native
MAKE_ENV=	RUSTFLAGS="${RUSTFLAGS} -C linker=${CC:Q} ${LDFLAGS:C/.+/-C link-arg=&/}"

INSTALL_TARGET=		install-strip
TEST_TARGET=		check

CONFLICTS_INSTALL=	libhtp

SUB_FILES=	pkg-message
PLIST_SUB=	PORTVERSION=${DISTVERSION:C/-/_/g}

OPTIONS_DEFINE=		GEOIP IPFW NETMAP NSS PORTS_PCAP PRELUDE \
			PYTHON REDIS TESTS
OPTIONS_DEFINE_amd64=	HYPERSCAN
OPTIONS_DEFAULT=	IPFW NETMAP PYTHON

OPTIONS_RADIO=		SCRIPTS
OPTIONS_RADIO_SCRIPTS=	LUA LUAJIT

OPTIONS_SUB=		yes

PRELUDE_BROKEN=		Compilation broken, see https://redmine.openinfosecfoundation.org/issues/4065

GEOIP_DESC=		GeoIP support
HYPERSCAN_DESC=		Hyperscan support
IPFW_DESC=		IPFW and IP Divert support for inline IDP
LUAJIT_DESC=		LuaJIT scripting support
LUA_DESC=		LUA scripting support
NETMAP_DESC=		Netmap support for inline IDP
NSS_DESC=		File checksums and SSL/TLS fingerprinting
PORTS_PCAP_DESC=	Use libpcap from ports
PRELUDE_DESC=		Prelude support for NIDS alerts
PYTHON_DESC=		Python-based update and control utilities
REDIS_DESC=		Redis output support
SCRIPTS_DESC=		Scripting
TESTS_DESC=		Unit tests in suricata binary

GEOIP_LIB_DEPENDS=		libmaxminddb.so:net/libmaxminddb
GEOIP_CONFIGURE_ON=		--enable-geoip

HYPERSCAN_LIB_DEPENDS=		libhs.so:devel/hyperscan

IPFW_CONFIGURE_ON=		--enable-ipfw

LUAJIT_LIB_DEPENDS=		libluajit-5.1.so:lang/luajit-openresty
LUAJIT_CONFIGURE_ON=		--enable-luajit

LUA_USES=			lua:51
LUA_CONFIGURE_ON=		--enable-lua

NETMAP_CONFIGURE_ENABLE=	netmap

NSS_LIB_DEPENDS=		libnss3.so:security/nss \
				libnspr4.so:devel/nspr
NSS_CONFIGURE_OFF=		--disable-nss --disable-nspr

PORTS_PCAP_LIB_DEPENDS=		libpcap.so.1:net/libpcap

PRELUDE_LIB_DEPENDS=		libprelude.so:security/libprelude \
				libgnutls.so:security/gnutls \
				libgcrypt.so:security/libgcrypt \
				libgpg-error.so:security/libgpg-error \
				libltdl.so:devel/libltdl
PRELUDE_CONFIGURE_ON=		--with-libprelude-prefix=${LOCALBASE}
PRELUDE_CONFIGURE_ENABLE=	prelude

PYTHON_BUILD_DEPENDS=		${PYTHON_RUN_DEPENDS}
PYTHON_RUN_DEPENDS=		${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
PYTHON_USES=			python
PYTHON_USE=			PYTHON=py3kplist
PYTHON_CONFIGURE_ENABLE=	python

REDIS_LIB_DEPENDS=		libhiredis.so:databases/hiredis \
				libevent_pthreads.so:devel/libevent
REDIS_CONFIGURE_ON=		--enable-hiredis \

TESTS_CONFIGURE_ENABLE=		unittests

pre-patch:
	@${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4

post-patch:
# Disable vendor checksums
	@${REINPLACE_CMD} 's,"files":{[^}]*},"files":{},' \
		${WRKSRC}/rust/vendor/*/.cargo-checksum.json

post-patch-PYTHON-on:
	@${REINPLACE_CMD} -e "/AC_PATH_PROGS.*HAVE_PYTHON/ s/python[^,]*,/${PYTHON_VERSION},/g" \
		${WRKSRC}/configure.ac

post-install:
	@${MKDIR} ${STAGEDIR}${ETCDIR} ${STAGEDIR}/var/log/suricata
.for f in classification.config reference.config
	@${MV} ${STAGEDIR}${DATADIR}/${f} ${STAGEDIR}${ETCDIR}/${f}.sample
.endfor
.for f in suricata.yaml threshold.config
	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${ETCDIR}/${f}.sample
.endfor

post-install-PYTHON-on:
	(cd ${STAGEDIR}${PREFIX} \
	&& ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \
	-d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;})

.include <bsd.port.mk>