[Bug 284377] security/suricata: fix suricata-update baked in paths to JustWork on FreeBSD

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 284377] security/suricata: fix suricata-update baked in paths to JustWork on FreeBSD"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 19 Feb 2025 21:03:47 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284377

yds <yds@Necessitu.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #257020|0                           |1
        is obsolete|                            |

--- Comment #2 from yds <yds@Necessitu.de> ---
Created attachment 257675
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=257675&action=edit
fix suricata-update baked in paths to JustWork on FreeBSD

Cheers Franco,

> Can we please start with one single most useful change?

removed PIE configure flag and the the startup order changes.  those are
unrelated to the rest of this patch and warrant a separate conversation.

> It's changing too many things and the impact is unclear as well as
> importance "affects many people" seems a little strange for years
> of port working fine. But maybe that's just me.

this patch is difficult to simplify any further since it fixes all the paths I
could find to match how the rest of this port has been configured to comply
with FreeBSD's hier(7)

by "affects many people" I mean it effect everyone who expects
`suricata-update` and `suricatasc` to JustWork as described in the
documentation.  without this patch most of the hardcoded paths in the Python
scripts and accompanying config files are pointing at incorrect directories
and/or config files.

I suppose reviewing this patch will make more sense if you apply it then run
`make patch` and examine all the files patched by this patch:

${WRKSRC}/configure*
${WRKSRC}/configure.ac
${WRKSRC}/suricata.yaml.in
${WRKSRC}/suricata-update/suricata/update/configs/update.yaml
${WRKSRC}/suricata-update/suricata/update/config.py
${WRKSRC}/suricata-update/suricata/update/parsers.py
${WRKSRC}/suricata-update/doc/*.rst
${WRKSRC}/suricata-update/README.rst
${WRKSRC}/suricata-update/Makefile
${WRKSRC}/contrib/suri-graphite

there should be a .bak or .orig file for each of those to diff.

none of these changes should break anything for anyone since the python scripts
never worked with the current hardcoded defaults -- some parameters were always
needed, e.g. the control socket location.

in a nutshell, this patch fixes `suricata-update` and `suricatasc` to work
without having to pass any override parameters such as the socket location and
all the relevant config files are installed in /usr/local/etc/suricata/ where
they are expected to be found by the scripts and the docs.

-- 
You are receiving this mail because:
You are the assignee for the bug.