summarylogtreecommitdiffstats
path: root/PKGBUILD
blob: d89a888b7c3a92c4c6e7142bd748555c3871812d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# Maintainer: Max L├╝bke <maxluebke(at)gmail.com>
# Contributor: Jeremy MountainJohnson <jay@jskier.com>
# Contributor: Amish <contact at via dot aur>
# Contributor: Aaron McDaniel (mcd1992) <'aur' at the domain 'fgthou.se'>

pkgname=suricata-git
_pkgname=${pkgname%-git}
pkgver=7.0.0.r30.g427d2a71d5
pkgrel=1
pkgdesc="A high performance Network IDS, IPS and Network Security Monitoring engine"
arch=('i686' 'x86_64')
url="https://suricata.io/"
license=('GPL2')
makedepends=('rust' 'clang' 'cbindgen' 'llvm' 'git')
depends=('hyperscan' 'jansson' 'libbpf' 'libcap-ng' 'libmagic.so' 'libmaxminddb' 'libnet' 'libpcap' 'libunwind' 'libyaml' 'lua' 'pcre2' 'python-yaml')
optdepends=('geoipupdate: GeoIP2 databases')
provides=('suricata')
conflicts=('suricata')
source=(${_pkgname}::git+https://github.com/OISF/suricata.git
       suricata-update.{service,timer}
)
sha256sums=('SKIP'
            '57505c464d30623c9d6611ca4b5d08a580c0116b20a4280f39c3720a3f369a92'
            '330c93e72a02f4f80972ab1641ee550b32cfdc2f40c78331294bcc009af06d71')

pkgver() {
  cd "${srcdir}/${_pkgname}"

  # Remove 'suricata' prefix; remove 'v' prefix on tags; prefix revision with 'r'; replace all '-' with '.'
  git describe --long | sed 's/suricata\-//g;s/^v//;s/\([^-]*-g\)/r\1/;s/-/./g'
}

prepare() {
  cd "${srcdir}/${_pkgname}"
  ./scripts/bundle.sh
  ./autogen.sh
}

build() {
  cd "${srcdir}/${_pkgname}"
  ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
      --with-clang=/usr/bin/clang --without-docs \
      --enable-ebpf --enable-ebpf-build \
      --disable-gccmarch-native --enable-lua --enable-geoip
  make
}

package() {
  cd "${srcdir}/${_pkgname}"
  make DESTDIR="${pkgdir}" install

  install -Dm644 -t "${pkgdir}/etc/${_pkgname}" "${_pkgname}".yaml threshold.config etc/{classification.config,reference.config}
  install -Dm644 "${_pkgname}".yaml "${pkgdir}/etc/${_pkgname}/${_pkgname}.yaml.default"
  install -Dm644 /dev/null "${pkgdir}/etc/${_pkgname}/local.yaml"

  echo "include: local.yaml" >> "${pkgdir}/etc/${_pkgname}/${_pkgname}.yaml"
  sed -i -e 's:/var/run:/run/suricata:g' \
    -e 's:^#magic-file\: /.*:magic-file\: /usr/share/file/misc/magic.mgc:' \
    -e '/^  - suricata.rules/ a \ \ - local.rules' \
    -e 's/^#run-as:/run-as:/' \
    -e 's/^#  user:.*/  user: suricata/' \
    -e 's/^#  group:.*/  group: suricata/' \
    -e 's/^# threshold-file:/threshold-file:/' \
    "${pkgdir}/etc/${_pkgname}/${_pkgname}.yaml"

  install -Dm644 etc/"${_pkgname}".logrotate "${pkgdir}/etc/logrotate.d/${_pkgname}"
  sed -i -e 's:/var/run:/run/suricata:g' \
    "${pkgdir}/etc/logrotate.d/${_pkgname}"
  install -Dm644 -t "${pkgdir}"/usr/lib/systemd/system etc/"${_pkgname}".service "${srcdir}"/suricata-update.{service,timer}
  sed -i -e 's:/var/run:/run/suricata:g' \
    -e 's:^Description=.*:Description=Suricata IDS/IPS daemon:g' \
    -e 's:^After=.*:After=network.target:g' \
    -e 's:^ExecStartPre=.*:PIDFile=suricata/suricata.pid:g' \
    -e 's:^ExecStart=.*:ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /run/suricata/suricata.pid --af-packet :g' \
    "${pkgdir}/usr/lib/systemd/system/${_pkgname}.service"

  echo "u suricata -" | install -Dm644 /dev/stdin "${pkgdir}/usr/lib/sysusers.d/${_pkgname}.conf"
  install -Dm644 /dev/stdin "${pkgdir}/usr/lib/tmpfiles.d/${_pkgname}.conf" << 'EOF'
d /run/suricata 0750 suricata suricata
d /var/log/suricata 0755 suricata suricata
d /var/lib/suricata 0750 suricata suricata
d /var/lib/suricata/rules 0750 suricata suricata
d /var/lib/suricata/update 0750 suricata suricata
f /var/lib/suricata/rules/local.rules 0640 suricata suricata
EOF
}