When I run “suricata-update,” the following is logged:
Traceback (most recent call last):
File "/usr/local/bin/suricata-update", line 32, in <module>
from suricata.update import main
ModuleNotFoundError: No module named 'suricata.update'
I’m not familiar with OpenSuse, but I wonder if the same thing is happening as on Fedora 36.
Was a /usr/local/local created?
Can you run find /usr/local -name enablesource.py and show me where it went?
In short, distributions are making changes to the way Python installs stuff when using distutils that breaks things. Here is the issue specific to Fedora, but other distributions are doing the same: https://bugzilla.redhat.com/show_bug.cgi?id=2026979
To fix it, we have stopped using distutils to install our Python code, however that is not in 6.0.6, but will be in the next point release.
The Fedora work-around is to:
export RPM_BUILD_ROOT=fake
make install
I wonder if that would help with OpenSuse as well, given it uses RPM.
Ok, I just tried on the opensuse/tumbleweed:latest docker image and it all worked fine, but of course thats a fresh install with one version of Python installed. You could…
head -n1 /usr/local/bin/suricata-update to see what version of Python that is using.
Run the Python path shown in the above and make sure it aligns with one of the versions you have in /usr/local/lib, to help find where the discrepancy is.
Ok. Not too sure how much I can help you out with Python on OpenSuse… But your Python interpreter being picked up by Suricata is 3.10, but there is no suricata-update installed for that version of Python. Did you perhaps upgrade python after installing Suricata? Are you using sudo to install but not for configure perhaps resulting in different Python binaries being picked up?
One common issue is that you install Suricata with Python 3.9 and all works. Then your system updates the default Python to 3.10 and things break, requiring Suricata to be installed again, right from the ./configure. The changes in the next patch release should resolve that as well.