markus.lehr/yoctor-layers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added my Recipes

Browse Source
This commit is contained in:
Markus Lehr
2024-07-11 14:16:35 +02:00
parent 38bc4f53ac
commit 09b621d929
7118 changed files with 525762 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
meta-openembedded/meta-networking/recipes-connectivity/snort/snort/0001-libpcap-search-sysroot-for-headers.patch Normal file
View File

@@ -0,0 +1,29 @@
From 5875dea90f71350b7205788fbc67e3759077cefe Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe@deserted.net>
Date: Wed, 20 Nov 2013 16:06:07 -0500
Subject: [PATCH] libpcap: search sysroot for headers
Configure hard-coded host header paths when building with libpcap. Point
the search path at the sysroot instead.
Upstream-Status: Pending
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
configure.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.in b/configure.in
index 62573a8..fded45b 100644
--- a/configure.in
+++ b/configure.in
@@ -69,7 +69,7 @@ case "$host" in
linux="yes"
AC_DEFINE([LINUX],[1],[Define if Linux])
AC_SUBST(extra_incl)
- extra_incl="-I/usr/include/pcap"
+ extra_incl="-I=/usr/include/pcap"
;;
*-hpux10*|*-hpux11*)
AC_DEFINE([HPUX],[1],[Define if HP-UX 10 or 11])

60
meta-openembedded/meta-networking/recipes-connectivity/snort/snort/configure.in-disable-tirpc-checking-for-fedora.patch Normal file
View File

@@ -0,0 +1,60 @@
From 65463a7c5cb2514b1523a81911810effffb75a79 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Fri, 28 Jun 2019 15:05:31 +0800
Subject: [PATCH] configure.in: disable tirpc checking for fedora
The Fedora 28+ does not have inbuilt SunRPC support in glibc and is
separately availble in tirpc package. So it enables tirpc checking for
fedora in configure.
Drop this piece of code since we had specify '-ltirpc' in LDFLAGS
explicitly. Otherwise it will cause a compile-host-path QA issue if the
host is Fedora 28+:
cc1: warning: include location "/usr/include/tirpc" is unsafe for
cross-compilation [-Wpoison-system-directories]
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
configure.in | 24 ------------------------
1 file changed, 24 deletions(-)
diff --git a/configure.in b/configure.in
index 8662cdd..0ff7e27 100644
--- a/configure.in
+++ b/configure.in
@@ -895,30 +895,6 @@ if test "x$enable_dlclose" = "xno"; then
AC_DEFINE([DISABLE_DLCLOSE_FOR_VALGRIND_TESTING],[1],[Don't close opened shared objects for valgrind leak testing of dynamic libraries])
fi
-##################################################
-# Fedora 28+ does not have inbuilt SunRPC support#
-# in glibc and is separately availble in tirpc #
-# package. Make sure we've got the library and #
-# link it #
-##################################################
-
-if test -f /etc/fedora-release ; then
- DISTRO_VERSION=$(awk '{ print $3 }' /etc/fedora-release)
- if test $DISTRO_VERSION -ge 28 ; then
- TIRPC=""
- AC_CHECK_LIB(tirpc,bindresvport,, TIRPC="no")
- echo "$TIRPC"
- if test "x$TIRPC" = "xno"; then
- echo
- echo " ERROR! tirpc not found, get it by running "
- echo " yum install libtirpc-devel "
- exit
- fi
- LIBS="${LIBS} -ltirpc"
- extra_incl="-I/usr/include/tirpc"
- fi
-fi
-
##################################################
# Centos 8+ does not have inbuilt SunRPC support #
# in glibc and is separately availble in tirpc #
--
2.7.4

254
meta-openembedded/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch Normal file
View File

@@ -0,0 +1,254 @@
From dc390837bc7adc205bb955d0922040a7e365d8dd Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Mon, 23 Jul 2018 13:54:07 +0800
Subject: [PATCH] Disable run test program while cross compiling
fix configure error:
configure: error: cannot run test program while cross compiling
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
configure.in | 148 +++++------------------------------------------------------
1 file changed, 12 insertions(+), 136 deletions(-)
diff --git a/configure.in b/configure.in
index 4b3a5db..a6c5498 100644
--- a/configure.in
+++ b/configure.in
@@ -284,19 +284,7 @@ AC_CHECK_TYPES([boolean])
# In case INADDR_NONE is not defined (like on Solaris)
have_inaddr_none="no"
AC_MSG_CHECKING([for INADDR_NONE])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-]],
-[[
- if (inet_addr("10,5,2") == INADDR_NONE);
- return 0;
-]])],
-[have_inaddr_none="yes"],
-[have_inaddr_none="no"])
+have_inaddr_none="yes"
AC_MSG_RESULT($have_inaddr_none)
if test "x$have_inaddr_none" = "xno"; then
AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
@@ -429,16 +417,7 @@ if test "x$LPCAP" = "xno"; then
fi
AC_MSG_CHECKING([for pcap_lex_destroy])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <pcap.h>
-]],
-[[
- pcap_lex_destroy();
-]])],
-[have_pcap_lex_destroy="yes"],
-[have_pcap_lex_destroy="no"])
+have_pcap_lex_destroy="yes"
AC_MSG_RESULT($have_pcap_lex_destroy)
if test "x$have_pcap_lex_destroy" = "xyes"; then
AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
@@ -716,17 +695,7 @@ fi
AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta] [daq_dp_add_dc])
AC_MSG_CHECKING([for daq real addresses])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_PktHdr_t hdr;
- hdr.n_real_dPort = 0;
-]])],
-[have_daq_real_addresses="yes"],
-[have_daq_real_addresses="no"])
+have_daq_real_addresses="no"
AC_MSG_RESULT($have_daq_real_addresses)
if test "x$have_daq_real_addresses" = "xyes"; then
AC_DEFINE([HAVE_DAQ_REAL_ADDRESSES],[1],
@@ -754,17 +723,7 @@ if test "x$ac_cv_func_daq_dp_add_dc" = "xyes"; then
fi
AC_MSG_CHECKING([for daq address space ID])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_PktHdr_t hdr;
- hdr.address_space_id = 0;
-]])],
-[have_daq_address_space_id="yes"],
-[have_daq_address_space_id="no"])
+have_daq_address_space_id="yes"
AC_MSG_RESULT($have_daq_address_space_id)
if test "x$have_daq_address_space_id" = "xyes"; then
AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
@@ -772,17 +731,7 @@ if test "x$have_daq_address_space_id" = "xyes"; then
fi
AC_MSG_CHECKING([for daq flow ID])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_PktHdr_t hdr;
- hdr.flow_id = 0;
-]])],
-[have_daq_flow_id="yes"],
-[have_daq_flow_id="no"])
+have_daq_flow_id="yes"
AC_MSG_RESULT($have_daq_flow_id)
if test "x$have_daq_flow_id" = "xyes"; then
AC_DEFINE([HAVE_DAQ_FLOW_ID],[1],
@@ -790,19 +739,7 @@ if test "x$have_daq_flow_id" = "xyes"; then
fi
AC_MSG_CHECKING([for daq extended flow modifiers])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_ModFlow_t mod;
- mod.type = 0;
- mod.length = 0;
- mod.value = NULL;
-]])],
-[have_daq_ext_modflow="yes"],
-[have_daq_ext_modflow="no"])
+have_daq_ext_modflow="no"
AC_MSG_RESULT($have_daq_ext_modflow)
if test "x$have_daq_ext_modflow" = "xyes"; then
CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_EXT_MODFLOW"
@@ -811,19 +748,7 @@ if test "x$have_daq_ext_modflow" = "xyes"; then
fi
AC_MSG_CHECKING([for daq query flow])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_QueryFlow_t mod;
- mod.type = 0;
- mod.length = 0;
- mod.value = NULL;
-]])],
-[have_daq_queryflow="yes"],
-[have_daq_queryflow="no"])
+have_daq_queryflow="no"
AC_MSG_RESULT($have_daq_queryflow)
if test "x$have_daq_queryflow" = "xyes"; then
CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_QUERYFLOW"
@@ -832,16 +757,7 @@ if test "x$have_daq_queryflow" = "xyes"; then
fi
AC_MSG_CHECKING([for daq data channel flags])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_Data_Channel_Params_t params;
-]])],
-[have_daq_data_channel_flags="yes"],
-[have_daq_data_channel_flags="no"])
+have_daq_data_channel_flags="no"
AC_MSG_RESULT($have_daq_data_channel_flags)
if test "x$have_daq_data_channel_flags" = "xyes"; then
CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_PARAMS"
@@ -850,17 +766,7 @@ if test "x$have_daq_data_channel_flags" = "xyes"; then
fi
AC_MSG_CHECKING([for separate IP versions on pinhole endpoints])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_DP_key_t dpKey;
- dpKey.src_af = 0;
-]])],
-[have_daq_data_channel_separate_ip_versions="yes"],
-[have_daq_data_channel_separate_ip_versions="no"])
+have_daq_data_channel_separate_ip_versions="no"
AC_MSG_RESULT($have_daq_data_channel_separate_ip_versions)
if test "x$have_daq_data_channel_separate_ip_versions" = "xyes"; then
CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_SEPARATE_IP_VERSIONS"
@@ -869,17 +775,7 @@ if test "x$have_daq_data_channel_separate_ip_versions" = "xyes"; then
fi
AC_MSG_CHECKING([for DAQ_VERDICT_RETRY])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_Verdict verdict;
- verdict = DAQ_VERDICT_RETRY;
-]])],
-[have_daq_verdict_retry="yes"],
-[have_daq_verdict_retry="no"])
+have_daq_verdict_retry="yes"
AC_MSG_RESULT($have_daq_verdict_retry)
if test "x$have_daq_verdict_retry" = "xyes"; then
AC_DEFINE([HAVE_DAQ_VERDICT_RETRY],[1],
@@ -887,17 +783,7 @@ if test "x$have_daq_verdict_retry" = "xyes"; then
fi
AC_MSG_CHECKING([for daq packet trace])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_PktHdr_t hdr;
- hdr.flags = DAQ_PKT_FLAG_TRACE_ENABLED;
-]])],
-[have_daq_packet_trace="yes"],
-[have_daq_packet_trace="no"])
+have_daq_packet_trace="no"
AC_MSG_RESULT($have_daq_packet_trace)
if test "x$have_daq_packet_trace" = "xyes"; then
AC_DEFINE([HAVE_DAQ_PKT_TRACE],[1],
@@ -907,17 +793,7 @@ else
fi
AC_MSG_CHECKING([for daq verdict reason])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
- DAQ_ModFlow_t fl;
- fl.type = DAQ_MODFLOW_TYPE_VER_REASON;
-]])],
-[have_daq_verdict_reason="yes"],
-[have_daq_verdict_reason="no"])
+have_daq_verdict_reason="no"
AC_MSG_RESULT($have_daq_verdict_reason)
if test "x$have_daq_verdict_reason" = "xyes"; then
AC_DEFINE([HAVE_DAQ_VERDICT_REASON],[1],
--
2.7.4

30
meta-openembedded/meta-networking/recipes-connectivity/snort/snort/fix-host-contamination-when-enable-static-daq.patch Normal file
View File

@@ -0,0 +1,30 @@
From f46d096015d7402a37a59eb66b8f6b7fbf0cdff0 Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Wed, 24 May 2017 17:38:53 +0800
Subject: [PATCH] snort: enable static daq
Upstream-Status: Inappropriate [embedded specific]
When enable static daq for snort, it calls to daq-modules-config to get link
library and library path. Library path is useless for oe and cause host
contamination issue. So filter it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
configure.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configure.in b/configure.in
index fded45b..a247bb9 100644
--- a/configure.in
+++ b/configure.in
@@ -658,7 +658,7 @@ fi
if test "x$enable_static_daq" = "xyes"; then
LDAQ=""
- LIBS="${LIBS} `daq-modules-config --static --libs`"
+ LIBS="${LIBS} `daq-modules-config --static --libs | sed 's#-L[^ ]*##g'`"
AC_CHECK_LIB([daq_static], [daq_load_modules],
[LIBS="-ldaq_static ${LIBS}"], [LDAQ="no"], [ ])

110
meta-openembedded/meta-networking/recipes-connectivity/snort/snort/snort.init Normal file
View File

@@ -0,0 +1,110 @@
#!/bin/sh
#
# Snort Startup Script modified for OpenEmbedded
#
# Script variables
LAN_INTERFACE="$2"
RETURN_VAL=0
BINARY=/usr/bin/snort
PATH=/bin:/usr/bin
PID=/var/run/snort_${LAN_INTERFACE}_ids.pid
DEL_PID=$PID
LOGDIR="/var/log/snort"
DATE=`/bin/date +%Y%m%d`
CONFIG_FILE=/etc/snort/snort.conf
PROG=snort
USER=root
GROUP=root
if [ ! -x "$BINARY" ]; then
echo "ERROR: $BINARY not found."
exit 1
fi
if [ ! -r "$CONFIG_FILE" ]; then
echo "ERROR: $CONFIG_FILE not found."
exit 1
fi
start()
{
[ -n "$LAN_INTERFACE" ] || return 0
# Check if log diratory is present. Otherwise, create it.
if [ ! -d $LOGDIR/$DATE ]; then
mkdir -p $LOGDIR/$DATE
/bin/chown -R $USER:$USER $LOGDIR/$DATE
/bin/chmod -R 700 $LOGDIR/$DATE
fi
/bin/echo "Starting $PROG: "
# Snort parameters
# -D Run Snort in background (daemon) mode
# -i <if> Listen on interface <if>
# -u <uname> Run snort uid as <uname> user (or uid)
# -g <gname> Run snort uid as <gname> group (or gid)
# -c Load configuration file
# -N Turn off logging (alerts still work) (removed to enable logging) :)
# -l Log to directory
# -t Chroots process to directory after initialization
# -R <id> Include 'id' in snort_intf<id>.pid file name
$BINARY -D -i $LAN_INTERFACE -u $USER -g $GROUP -c $CONFIG_FILE -l $LOGDIR/$DATE -t $LOGDIR/$DATE -R _ids
/bin/echo "$PROG startup complete."
return $RETURN_VAL
}
stop()
{
if [ -s $PID ]; then
/bin/echo "Stopping $PROG with PID `cat $PID`: "
kill -TERM `cat $PID` 2>/dev/null
RETURN_VAL=$?
/bin/echo "$PROG shutdown complete."
[ -e $DEL_PID ] && rm -f $DEL_PID
[ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck
else
/bin/echo "ERROR: PID in $PID file not found."
RETURN_VAL=1
fi
return $RETURN_VAL
}
status()
{
if [ -s $PID ]; then
echo "$PROG is running as pid `cat $PID`:"
else
echo "$PROG is not running."
fi
}
restart()
{
stop
start
RETURN_VAL=$?
return $RETURN_VAL
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
restart|reload)
restart
;;
*)
/bin/echo "Usage: $0 {start|stop|status|restart|reload}"
RETURN_VAL=1
esac
exit $RETURN_VAL

2
meta-openembedded/meta-networking/recipes-connectivity/snort/snort/volatiles.99_snort Normal file
View File

@@ -0,0 +1,2 @@
# <type> <owner> <group> <mode> <path> <linksource>
d root root 0755 /var/log/snort none

111
meta-openembedded/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb Normal file
View File

@@ -0,0 +1,111 @@
DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
HOMEPAGE = "http://www.snort.org/"
SECTION = "net"
LICENSE = "GPL-2.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native libtirpc bison-native"
SRC_URI = "https://www.snort.org/downloads/archive/snort/${BP}.tar.gz \
file://snort.init \
file://volatiles.99_snort \
file://0001-libpcap-search-sysroot-for-headers.patch \
file://fix-host-contamination-when-enable-static-daq.patch \
file://disable-run-test-program-while-cross-compiling.patch \
file://configure.in-disable-tirpc-checking-for-fedora.patch \
"
SRC_URI[sha256sum] = "29400e13f53b1831e0b8b10ec1224a1cbaa6dc1533a5322a20dd80bb84b4981c"
UPSTREAM_CHECK_URI = "https://www.snort.org/downloads"
UPSTREAM_CHECK_REGEX = "snort-(?P<pver>\d+(\.\d+)+)\.tar"
inherit autotools gettext update-rc.d pkgconfig
INITSCRIPT_NAME = "snort"
INITSCRIPT_PARAMS = "defaults"
EXTRA_OECONF = " \
--enable-gre \
--enable-linux-smp-stats \
--enable-reload \
--enable-reload-error-restart \
--enable-targetbased \
--enable-static-daq \
--with-dnet-includes=${STAGING_INCDIR} \
--with-dnet-libraries=${STAGING_LIBDIR} \
--with-libpcre-includes=${STAGING_INCDIR} \
--with-libpcre-libraries=${STAGING_LIBDIR} \
--with-daq-includes=${STAGING_INCDIR} \
--with-daq-libraries=${STAGING_LIBDIR} \
"
# if you want to disable it, you need to patch configure.in first
# AC_CHECK_HEADERS([openssl/sha.h],, SHA_H="no")
# is called even with --without-openssl-includes
PACKAGECONFIG ?= "openssl lzma"
PACKAGECONFIG[openssl] = "--with-openssl-includes=${STAGING_INCDIR} --with-openssl-libraries=${STAGING_LIBDIR}, --without-openssl-includes --without-openssl-libraries, openssl,"
PACKAGECONFIG[lzma] = "--with-lzma-includes=${STAGING_INCDIR} --with-lzma-libraries=${STAGING_LIBDIR}, --without-lzma-includes --without-lzma-libraries, xz,"
PACKAGECONFIG[appid] = "--enable-open-appid, --disable-open-appid, luajit, bash"
CFLAGS += "-I${STAGING_INCDIR}/tirpc"
LDFLAGS += " -ltirpc"
do_install:append() {
install -d ${D}${sysconfdir}/snort/rules
install -d ${D}${sysconfdir}/snort/preproc_rules
install -d ${D}${sysconfdir}/init.d
for i in map config conf dtd; do
cp ${S}/etc/*.$i ${D}${sysconfdir}/snort/
done
# fix the hardcoded path and lib name
# comment out the rules that are not provided
sed -i -e 's#/usr/local/lib#${libdir}#' \
-e 's#\.\./\(.*rules\)#${sysconfdir}/snort/\1#' \
-e 's#\(libsf_engine.so\)#\1.0#' \
-e 's/^\(include $RULE_PATH\)/#\1/' \
-e 's/^\(dynamicdetection\)/#\1/' \
-e '/preprocessor reputation/,/blacklist/ s/^/#/' \
${D}${sysconfdir}/snort/snort.conf
cp ${S}/preproc_rules/*.rules ${D}${sysconfdir}/snort/preproc_rules/
install -m 755 ${WORKDIR}/snort.init ${D}${sysconfdir}/init.d/snort
install -d ${D}${sysconfdir}/default/volatiles
install -m 0644 ${WORKDIR}/volatiles.99_snort ${D}${sysconfdir}/default/volatiles/99_snort
sed -i -e 's|-ffile-prefix-map[^ ]*||g; s|-fdebug-prefix-map[^ ]*||g; s|-fmacro-prefix-map[^ ]*||g; s|${STAGING_DIR_TARGET}||g' ${D}${libdir}/pkgconfig/*.pc
}
pkg_postinst:${PN}() {
if [ -z "$D" ] && [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
${sysconfdir}/init.d/populate-volatile.sh update
fi
}
FILES:${PN} += " \
${libdir}/snort_dynamicengine/*.so.* \
${libdir}/snort_dynamicpreprocessor/*.so.* \
${libdir}/snort_dynamicrules/*.so.* \
"
FILES:${PN}-dbg += " \
${libdir}/snort_dynamicengine/.debug \
${libdir}/snort_dynamicpreprocessor/.debug \
${libdir}/snort_dynamicrules/.debug \
"
FILES:${PN}-staticdev += " \
${libdir}/snort_dynamicengine/*.a \
${libdir}/snort_dynamicpreprocessor/*.a \
${libdir}/snort_dynamicrules/*.a \
${libdir}/snort/dynamic_preproc/*.a \
${libdir}/snort/dynamic_output/*.a \
"
FILES:${PN}-dev += " \
${libdir}/snort_dynamicengine/*.la \
${libdir}/snort_dynamicpreprocessor/*.la \
${libdir}/snort_dynamicrules/*.la \
${libdir}/snort_dynamicengine/*.so \
${libdir}/snort_dynamicpreprocessor/*.so \
${libdir}/snort_dynamicrules/*.so \
${prefix}/src/snort_dynamicsrc \
"