%global commit a1ee536daa8ba5519745d6a1d3c4a6016a85eb7f %global shortcommit %(c=%{commit}; echo ${c:0:7}) %global upstreamname suricata Summary: Intrusion Detection System Name: suricata_dev Version: 5.0.0 Release: 4.20191011%{shortcommit}%{?dist} License: GPLv2 Group: Applications/Internet URL: http://suricata-ids.org/ Source0: https://github.com/OISF/suricata/archive/%{commit}/%{upstreamname}-%{shortcommit}.tar.gz Source1: suricata.service Source2: suricata.sysconfig Source3: suricata.logrotate Source5: suricata-tmpfiles.conf Patch1: norulesdoc.patch Patch2: norulesfiles.patch BuildRequires: libyaml-devel BuildRequires: libnfnetlink-devel BuildRequires: libnetfilter_queue-devel BuildRequires: libnet-devel BuildRequires: zlib-devel BuildRequires: libpcap-devel BuildRequires: pcre-devel BuildRequires: libcap-ng-devel BuildRequires: nspr-devel BuildRequires: nss-devel BuildRequires: nss-softokn-devel BuildRequires: file-devel BuildRequires: jansson-devel BuildRequires: GeoIP-devel BuildRequires: libmaxminddb-devel BuildRequires: python2-devel BuildRequires: lz4-devel BuildRequires: xz-devel BuildRequires: lua-devel BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool BuildRequires: systemd BuildRequires: hiredis-devel BuildRequires: libevent-devel BuildRequires: rust BuildRequires: cargo BuildRequires: git %ifarch x86_64 BuildRequires: hyperscan-devel %endif Requires(pre): /usr/sbin/useradd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd %description The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP Matching, and GeoIP identification. %prep %setup -n suricata %patch1 -p0 %patch2 -p0 autoreconf -fv --install %build # Required for Hyperscan on CentOS 7 and Oracle. %if 0%{?centos} || 0%{?orcl} == 7 export LIBS="-lstdc++ -lm -lgcc_s -lgcc -lc -lgcc_s -lgcc" %endif %configure --enable-gccprotect --enable-pie --disable-gccmarch-native --disable-coccinelle --enable-nfqueue --enable-af-packet --with-libnspr-includes=/usr/include/nspr4 --with-libnss-includes=/usr/include/nss3 --enable-jansson --enable-geoip --enable-lua --enable-hiredis --enable-rust --disable-suricata-update --program-suffix=_dev --enable-python --enable-shared=no --prefix=/usr/local %make_build %install make DESTDIR="%{buildroot}" install # Setup etc directory mkdir -p %{buildroot}%{_sysconfdir}/%{name} install -m 0600 *.config %{buildroot}%{_sysconfdir}/%{name} install -m 0600 suricata.yaml %{buildroot}%{_sysconfdir}/%{name} mkdir -p %{buildroot}%{_unitdir} install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig install -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name} # Set up logging mkdir -p %{buildroot}/%{_var}/log/%{name} mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} # set up directories mkdir -p %{buildroot}/%{_docdir}/%{name} mkdir -p %{buildroot}/%{_datarootdir}/%{name} # Remove a couple things so they don't get picked up rm -rf %{buildroot}%{_includedir} rm -f %{buildroot}%{_libdir}/libhtp.la rm -f %{buildroot}%{_libdir}/libhtp.a rm -f %{buildroot}%{_libdir}/libhtp.so rm -rf %{buildroot}%{_libdir}/pkgconfig # Setup tmpdirs mkdir -p %{buildroot}%{_tmpfilesdir} install -m 0644 %{SOURCE5} %{buildroot}%{_tmpfilesdir}/%{name}.conf mkdir -p %{buildroot}/run install -d -m 0755 %{buildroot}/run/%{name}/ %clean rm -rf %{buildroot} %pre getent passwd suricata >/dev/null || useradd -r -M -s /sbin/nologin suricata %post /sbin/ldconfig %systemd_post %{name}.service %preun %systemd_preun %{name}.service %postun /sbin/ldconfig %systemd_postun_with_restart suricata.service %files %{_bindir}/%{name} %{_prefix}/local/bin/suricatactl %{_prefix}/local/bin/suricatasc %{_docdir}/%{name} %{_datarootdir}/%{name} %{!?_licensedir:%global license %%doc} %license COPYING %{_prefix}/local/lib/python2.7/site-packages/suricata* %config(noreplace) %attr(-,suricata,-) %{_sysconfdir}/%{name}/suricata.yaml %config(noreplace) %attr(-,suricata,-) %{_sysconfdir}/%{name}/*.config %config(noreplace) %attr(0600,suricata,root) %{_sysconfdir}/sysconfig/%{name} %attr(644,root,root) %{_unitdir}/suricata.service %config(noreplace) %attr(644,root,root) %{_sysconfdir}/logrotate.d/%{name} %attr(750,suricata,root) %dir %{_var}/log/%{name} %attr(750,suricata,root) %dir %{_sysconfdir}/%{name} %attr(750,suricata,root) %dir /run/%{name}/ %{_tmpfilesdir}/%{name}.conf %changelog