From nobody Sun Jan 26 23:52:14 2025 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Yh7dC0Ykfz5lpD9 for ; Sun, 26 Jan 2025 23:52:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Yh7dB6vL3z40Tj for ; Sun, 26 Jan 2025 23:52:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737935535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hVln63A/HXT8cHO8sz5k2XaEwfybH5tLlOQ/lEYS8fo=; b=GDPhVArWPzviiQwz1g91e48nwoLSCOAgSVRiw32f9Q2m+wMhXZMVus/bo9SohH+/O+s6mm M1u/yL3zougkhwcrwPC18WFeHPZ0xB6GRSiSKrLPmKG5ipHkhafZzBJFOmtpqR/GweA4SM saNHRfoM/oY0LThBAaB2KLO6BkswX850XdzNMTilW0xe4MPtkA5sHFn2TN/1wdPGNE2uSt mptm8mdr3kSCwNteMpGFTaXwlCQxFrT+zPB57Dx4wJEagxtnZYMtJl7/reR6BKYu/EjS2D /XOkNCa+vV8+QSHNs6GdDCB2+zahwZNdrkjsuvJPkKJ51lP6kn74z0TqEpptlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1737935535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hVln63A/HXT8cHO8sz5k2XaEwfybH5tLlOQ/lEYS8fo=; b=eiPjtHiPxnR8zYNbIhAxYtUmvrEugR4lf6SXmbzF2VxoxQTiixE/xKw1ts/HQkDXSBY7KW iO97I4di0V3yqAMUUbsCejvT+j1apIBApesIJi4HjdUGQuxb3JEzZZOXfJwjiZrguUniKi qeW2yy9X868Xv5MWBsFLdTjEGvbuQWj1bM2ZzgAaOU7D1Y/6WQ4p13+SMfjrtwKO1ptsb7 apcxH+gF4SfoTTG0qI559xc0Sxgp0wItP5rmErI6iskGrtjG9Nnb/fY9WUgo+k2Pcwn+mW goAhWpZfXTBs7cvRKkFwEL2sMZGd6/r+U9RjXS5ksdXY3d4ArlVDKjHBh+o3+Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1737935535; a=rsa-sha256; cv=none; b=YBTJLTcm77dk9C4MZx8zyzNwrIi83+yL4ty+gh4rRwmTDSGd6eg7X/P/Vy99Qsn2kMF+nC cc8m/BqqZqEpU2plHWKfmlBC4Z0jKXu/yDjgQwlQmg+RMgCRCRFESUvHKd6l7QxAhZ1CqQ P2bTPsHqNZPVrb74hLswyqblJ7cR8M+LKceedohVy5oaE3PsV1crs9Y2Ntg3hKZbVFmt9M q0NWuBEDGNVH9wfpBMxiSYcSHmVoyaGVk+L4GPB5ClXtwNk1haFgi4kYq5+xK4mI0/4yey tPh/3fGrQq53HZwf6JNSj6DaRA7FddcCDSxpfSz4rZQCykPcjBfFNXdTmve9ig== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Yh7dB5jVjz14Xw for ; Sun, 26 Jan 2025 23:52:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 50QNqEJD094884 for ; Sun, 26 Jan 2025 23:52:14 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 50QNqEBg094883 for ports-bugs@FreeBSD.org; Sun, 26 Jan 2025 23:52:14 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 284377] security/suricata: fix suricata-update baked in paths to JustWork on FreeBSD Date: Sun, 26 Jan 2025 23:52:14 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: yds@Necessitu.de X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter cc flagtypes.name attachments.created Message-ID: Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-ports-bugs@freebsd.org Sender: owner-freebsd-ports-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D284377 Bug ID: 284377 Summary: security/suricata: fix suricata-update baked in paths to JustWork on FreeBSD Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: yds@Necessitu.de CC: franco@opnsense.org Flags: maintainer-feedback?(franco@opnsense.org) CC: franco@opnsense.org Created attachment 257020 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D257020&action= =3Dedit fix suricata-update baked in paths to JustWork on FreeBSD add new `files/patch-suricata.yaml.in` to always enable `/var/run/suricata/suricata-command.socket` expected by `suricata-update` a= nd `suricatasc` `files/patch-suricata.yaml.in` also uncomments and fixes the path for `magic-file: /usr/share/misc/magic` the Makefile is patched to further `sed` the `suricata.yaml.in` file to set= the correct path for GeoIP db post-patch-PYTHON-on: target then edits all the requisite `suricata-update`= and related docs to reference the actual paths and files installed by this port= /pkg post-install-PYTHON-on: and the pkg-plist are fixed up to install all the config files expected by `suricata-update` to $ETCDIR as .sample files. with the fixes in this patchset `suricata-update` can be run by a nightly cronjob and everything JustWorks including the reload-command: sudo /usr/local/bin/suricatasc -c reload-rules throughout the edits suricata's `data` dir is normalized to `/var/db/surica= ta/` -- this dir is created as needed by the scripts. the startup is bumped up to: # REQUIRE: FILESYSTEMS defaultroute resolv # BEFORE: NETWORKING the reason for this is suricata knocks the interface it connects to via net= map offline for many many seconds -- this disruption is better tolerated by FreeBSD's startup sequence /before/ NETWORKING is expected to already be working. the final result is the startup is happens much faster with fewer disruptions from the netmap interface going down while suricata binds to the interface. --=20 You are receiving this mail because: You are the assignee for the bug.=