Snort: init at 3.6.3.0 (#381363)

Author: Mic92

pkgs/by-name/li/libdaq/package.nix

@@ -0,0 +1,63 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  autoreconfHook,
+  pkg-config,
+  libpcap,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "libdaq";
+  version = "3.0.18";
+
+  src = fetchFromGitHub {
+    owner = "snort3";
+    repo = "libdaq";
+    tag = "v${finalAttrs.version}";
+    hash = "sha256-PMb8q8QcfUXxEf0s2UdaZogmxzqUCw0wRdzfT1xio/E=";
+  };
+
+  nativeBuildInputs = [
+    autoreconfHook
+    pkg-config
+  ];
+
+  buildInputs = [
+    libpcap
+    stdenv.cc.cc # libstdc++
+  ];
+
+  outputs = [
+    "lib"
+    "dev"
+    "out"
+  ];
+
+  autoreconfPhase = ''
+    ./bootstrap
+  '';
+
+  postInstall = ''
+    # remove build directory (/build/**, or /tmp/nix-build-**) from RPATHs
+    for f in "$out"/bin/*; do
+      local nrp="$(patchelf --print-rpath "$f" | sed -E 's@(:|^)'$NIX_BUILD_TOP'[^:]*:@\1@g')"
+      patchelf --set-rpath "$nrp" "$f"
+    done
+  '';
+
+  meta = {
+    description = "Data AcQuisition library (libDAQ), for snort packet I/O";
+    homepage = "https://www.snort.org";
+    maintainers = with lib.maintainers; [
+      aycanirican
+      brianmcgillion
+    ];
+    license = lib.licenses.gpl2;
+    outputsToInstall = [
+      "lib"
+      "dev"
+    ];
+    platforms = with lib.platforms; linux;
+  };
+})

pkgs/by-name/sn/snort/0001-cmake-fix-pkg-config-path-for-libdir.patch

@@ -0,0 +1,47 @@
+From a4dd3bf78fc8d4c22b40ddb4e91f525012703a5a Mon Sep 17 00:00:00 2001
+From: Brian McGillion <[email protected]>
+Date: Mon, 10 Feb 2025 23:31:47 +0400
+Subject: [PATCH] cmake: fix pkg-config path for libdir
+
+on systems that prefer absolute paths there is a mixing and matching of
+the relative and absolute paths that can result in the below creation of
+libdir having the prefix and the full path appended to it.
+
+** added to highlight
+
+``prefix=/nix/store/3npvhj5wfwhc0q42qwiinj64bzfb1vvz-snort-3.6.3.0
+exec_prefix=${prefix}
+bindir=${exec_prefix}/bin
+**libdir=${prefix}//nix/store/3npvhj5wfwhc0q42qwiinj64bzfb1vvz-snort-3.6.3.0/lib**
+includedir=${prefix}/include
+datarootdir=${prefix}/share
+datadir=${datarootdir}
+mandir=${datarootdir}/man
+infodir=${datarootdir}/info
+``
+
+In order to preserve backwards compatibility we will use the cmake
+fullpath option ${CMAKE_INSTALL_FULL_LIBDIR} in place of
+${prefix}/${CMAKE_INSTALL_LIBDIR} which will support both contexts.
+
+Signed-off-by: Brian McGillion <[email protected]>
+---
+ cmake/create_pkg_config.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmake/create_pkg_config.cmake b/cmake/create_pkg_config.cmake
+index 300350cbd..4ce8b16e6 100644
+--- a/cmake/create_pkg_config.cmake
++++ b/cmake/create_pkg_config.cmake
+@@ -5,7 +5,7 @@
+ set(prefix "${CMAKE_INSTALL_PREFIX}")
+ set(exec_prefix "\${prefix}")
+ set(bindir "\${exec_prefix}/bin")
+-set(libdir "\${prefix}/${CMAKE_INSTALL_LIBDIR}")
++set(libdir "\${CMAKE_INSTALL_FULL_LIBDIR}")
+ set(includedir "\${prefix}/include")
+ set(datarootdir "\${prefix}/share")
+ set(datadir "\${datarootdir}")
+-- 
+2.47.2
+

pkgs/by-name/sn/snort/package.nix

@@ -1,68 +1,66 @@
 {
   lib,
   stdenv,
-  pkg-config,
+  fetchFromGitHub,
+  cmake,
+  libdaq,
+  libdnet,
+  flex,
+  hwloc,
   luajit,
   openssl,
-  fetchurl,
   libpcap,
-  pcre,
-  libdnet,
-  daq,
+  pcre2,
+  pkg-config,
   zlib,
-  flex,
-  bison,
-  makeWrapper,
-  libtirpc,
+  xz,
 }:
 
-stdenv.mkDerivation rec {
-  version = "2.9.20";
+stdenv.mkDerivation (finalAttrs: {
   pname = "snort";
+  version = "3.6.3.0";
 
-  src = fetchurl {
-    name = "${pname}-${version}.tar.gz";
-    url = "https://snort.org/downloads/archive/snort/${pname}-${version}.tar.gz";
-    sha256 = "sha256-KUAOE/U7GDHguLEOwSJKHLqm3BUzpTIqIN2Au4S0mBw=";
+  src = fetchFromGitHub {
+    owner = "snort3";
+    repo = "snort3";
+    rev = "refs/tags/${finalAttrs.version}";
+    hash = "sha256-loMmmpoaEncW31FUIE9Zf9w635Prvke6vCY+mIt6oGI=";
   };
 
   nativeBuildInputs = [
-    makeWrapper
+    libdaq
     pkg-config
+    cmake
   ];
+
   buildInputs = [
+    libdaq
+    libpcap
+    stdenv.cc.cc # libstdc++
+    libdnet
+    flex
+    hwloc
     luajit
     openssl
     libpcap
-    pcre
-    libdnet
-    daq
+    pcre2
     zlib
-    flex
-    bison
-    libtirpc
+    xz
   ];
 
-  env.NIX_CFLAGS_COMPILE = toString [ "-I${libtirpc.dev}/include/tirpc" ];
+  # Patch that is tracking upstream PR https://github.com/snort3/snort3/pull/399
+  patches = [ ./0001-cmake-fix-pkg-config-path-for-libdir.patch ];
 
   enableParallelBuilding = true;
 
-  configureFlags = [
-    "--disable-static-daq"
-    "--enable-control-socket"
-    "--with-daq-includes=${daq}/includes"
-    "--with-daq-libraries=${daq}/lib"
-  ];
-
-  postInstall = ''
-    wrapProgram $out/bin/snort --add-flags "--daq-dir ${daq}/lib/daq --dynamic-preprocessor-lib-dir $out/lib/snort_dynamicpreprocessor/ --dynamic-engine-lib-dir $out/lib/snort_dynamicengine"
-  '';
-
   meta = {
     description = "Network intrusion prevention and detection system (IDS/IPS)";
     homepage = "https://www.snort.org";
-    maintainers = with lib.maintainers; [ aycanirican ];
+    maintainers = with lib.maintainers; [
+      aycanirican
+      brianmcgillion
+    ];
     license = lib.licenses.gpl2;
     platforms = with lib.platforms; linux;
   };
-}
+})

pkgs/by-name/sn/snort2/package.nix

@@ -0,0 +1,70 @@
+{
+  lib,
+  stdenv,
+  pkg-config,
+  luajit,
+  openssl,
+  fetchurl,
+  libpcap,
+  pcre,
+  libdnet,
+  daq,
+  zlib,
+  flex,
+  bison,
+  makeWrapper,
+  libtirpc,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  version = "2.9.20";
+  pname = "snort2";
+
+  # TODO: remove this package after 25.05 release
+  # https://github.com/NixOS/nixpkgs/pull/381363#issuecomment-2653483597
+  src = fetchurl rec {
+    name = "snort-${finalAttrs.version}.tar.gz";
+    url = "https://snort.org/downloads/snort/${name}";
+    sha256 = "sha256-KUAOE/U7GDHguLEOwSJKHLqm3BUzpTIqIN2Au4S0mBw=";
+  };
+
+  nativeBuildInputs = [
+    makeWrapper
+    pkg-config
+  ];
+  buildInputs = [
+    luajit
+    openssl
+    libpcap
+    pcre
+    libdnet
+    daq
+    zlib
+    flex
+    bison
+    libtirpc
+  ];
+
+  env.NIX_CFLAGS_COMPILE = toString [ "-I${libtirpc.dev}/include/tirpc" ];
+
+  enableParallelBuilding = true;
+
+  configureFlags = [
+    "--disable-static-daq"
+    "--enable-control-socket"
+    "--with-daq-includes=${daq}/includes"
+    "--with-daq-libraries=${daq}/lib"
+  ];
+
+  postInstall = ''
+    wrapProgram $out/bin/snort --add-flags "--daq-dir ${daq}/lib/daq --dynamic-preprocessor-lib-dir $out/lib/snort_dynamicpreprocessor/ --dynamic-engine-lib-dir $out/lib/snort_dynamicengine"
+  '';
+
+  meta = {
+    description = "Network intrusion prevention and detection system (IDS/IPS)";
+    homepage = "https://www.snort.org";
+    maintainers = with lib.maintainers; [ aycanirican ];
+    license = lib.licenses.gpl2;
+    platforms = with lib.platforms; linux;
+  };
+})