snort: init at 3.6.3.0

Snort 3 aka snort++ is the next generation Snort IPS (Intrusion
Prevention System).

snort3 is actively maintained and developed unlike the snort2 baseline
so this with replace the old snort2 as the default version.

snort2 is not yet removed from the pkgs to allow folks to utilize that
if required.

In addition to the primary binary `snort` there is `snort2lua` a tool to
convert Snort 2.X conf and rules to the new form.

Signed-off-by: Brian McGillion <[email protected]>

Author: brianmcgillion

pkgs/by-name/sn/snort/0001-cmake-fix-pkg-config-path-for-libdir.patch

@@ -0,0 +1,47 @@
+From a4dd3bf78fc8d4c22b40ddb4e91f525012703a5a Mon Sep 17 00:00:00 2001
+From: Brian McGillion <[email protected]>
+Date: Mon, 10 Feb 2025 23:31:47 +0400
+Subject: [PATCH] cmake: fix pkg-config path for libdir
+
+on systems that prefer absolute paths there is a mixing and matching of
+the relative and absolute paths that can result in the below creation of
+libdir having the prefix and the full path appended to it.
+
+** added to highlight
+
+``prefix=/nix/store/3npvhj5wfwhc0q42qwiinj64bzfb1vvz-snort-3.6.3.0
+exec_prefix=${prefix}
+bindir=${exec_prefix}/bin
+**libdir=${prefix}//nix/store/3npvhj5wfwhc0q42qwiinj64bzfb1vvz-snort-3.6.3.0/lib**
+includedir=${prefix}/include
+datarootdir=${prefix}/share
+datadir=${datarootdir}
+mandir=${datarootdir}/man
+infodir=${datarootdir}/info
+``
+
+In order to preserve backwards compatibility we will use the cmake
+fullpath option ${CMAKE_INSTALL_FULL_LIBDIR} in place of
+${prefix}/${CMAKE_INSTALL_LIBDIR} which will support both contexts.
+
+Signed-off-by: Brian McGillion <[email protected]>
+---
+ cmake/create_pkg_config.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmake/create_pkg_config.cmake b/cmake/create_pkg_config.cmake
+index 300350cbd..4ce8b16e6 100644
+--- a/cmake/create_pkg_config.cmake
++++ b/cmake/create_pkg_config.cmake
+@@ -5,7 +5,7 @@
+ set(prefix "${CMAKE_INSTALL_PREFIX}")
+ set(exec_prefix "\${prefix}")
+ set(bindir "\${exec_prefix}/bin")
+-set(libdir "\${prefix}/${CMAKE_INSTALL_LIBDIR}")
++set(libdir "\${CMAKE_INSTALL_FULL_LIBDIR}")
+ set(includedir "\${prefix}/include")
+ set(datarootdir "\${prefix}/share")
+ set(datadir "\${datarootdir}")
+-- 
+2.47.2
+

pkgs/by-name/sn/snort/package.nix

@@ -0,0 +1,66 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  cmake,
+  libdaq,
+  libdnet,
+  flex,
+  hwloc,
+  luajit,
+  openssl,
+  libpcap,
+  pcre2,
+  pkg-config,
+  zlib,
+  xz,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "snort";
+  version = "3.6.3.0";
+
+  src = fetchFromGitHub {
+    owner = "snort3";
+    repo = "snort3";
+    rev = "refs/tags/${finalAttrs.version}";
+    hash = "sha256-loMmmpoaEncW31FUIE9Zf9w635Prvke6vCY+mIt6oGI=";
+  };
+
+  nativeBuildInputs = [
+    libdaq
+    pkg-config
+    cmake
+  ];
+
+  buildInputs = [
+    libdaq
+    libpcap
+    stdenv.cc.cc # libstdc++
+    libdnet
+    flex
+    hwloc
+    luajit
+    openssl
+    libpcap
+    pcre2
+    zlib
+    xz
+  ];
+
+  # Patch that is tracking upstream PR https://github.com/snort3/snort3/pull/399
+  patches = [ ./0001-cmake-fix-pkg-config-path-for-libdir.patch ];
+
+  enableParallelBuilding = true;
+
+  meta = {
+    description = "Network intrusion prevention and detection system (IDS/IPS)";
+    homepage = "https://www.snort.org";
+    maintainers = with lib.maintainers; [
+      aycanirican
+      brianmcgillion
+    ];
+    license = lib.licenses.gpl2;
+    platforms = with lib.platforms; linux;
+  };
+})