[Buildroot] [PATCH v5,2/2] package/zeek: new package
Fabrice Fontaine
fontaine.fabrice at gmail.com
Sun Oct 17 13:21:10 UTC 2021
The Zeek Network Security Monitor
Zeek is a powerful network analysis framework that is much different
from the typical IDS you may know. (Zeek is the new name for the
long-established Bro system.)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
Changes v4 -> v5:
- host-python3 is mandatory
Changes v3 -> v4:
- Bump to latest version (4.1.1) and drop patch (already in version)
- python 2 support dropped since
https://github.com/zeek/zeek/commit/eeec219a66ed89235093fb63753d6baf6c21de78
- BSD-3-Clause added since
https://github.com/zeek/zeek/commit/d070709c573fc01a40735a6c921a9095988306cc
Changes v2 -> v3 (after review of Thomas Petazzoni):
- Bump to version 3.2.2 (security fixes)
- Add host-zeek dependencies
- Install bifcl and binpac to HOST_DIR
Changes v1 -> v2:
- Bump to version 3.2.0
- Drop second and third patches (already in version)
- Update ZEEK_SITE
- Update indentation in hash file (two spaces)
- Update third party licences
DEVELOPERS | 1 +
package/Config.in | 1 +
package/zeek/Config.in | 43 +++++++++++++++++++
package/zeek/zeek.hash | 6 +++
package/zeek/zeek.mk | 93 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 144 insertions(+)
create mode 100644 package/zeek/Config.in
create mode 100644 package/zeek/zeek.hash
create mode 100644 package/zeek/zeek.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index 19f6d95270..30383af538 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -919,6 +919,7 @@ F: package/tinycbor/
F: package/tinydtls/
F: package/tinymembench/
F: package/whois/
+F: package/zeek/
N: Fabrice Goucem <fabrice.goucem at oss.nxp.com>
F: board/freescale/imx6ullevk/
diff --git a/package/Config.in b/package/Config.in
index 48f365d773..93f42cb74e 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2366,6 +2366,7 @@ endif
source "package/xinetd/Config.in"
source "package/xl2tp/Config.in"
source "package/xtables-addons/Config.in"
+ source "package/zeek/Config.in"
source "package/znc/Config.in"
endmenu
diff --git a/package/zeek/Config.in b/package/zeek/Config.in
new file mode 100644
index 0000000000..e474251aeb
--- /dev/null
+++ b/package/zeek/Config.in
@@ -0,0 +1,43 @@
+config BR2_PACKAGE_ZEEK
+ bool "zeek"
+ depends on BR2_USE_MMU # fork()
+ depends on BR2_INSTALL_LIBSTDCPP
+ depends on !BR2_STATIC_LIBS
+ depends on BR2_TOOLCHAIN_HAS_THREADS
+ depends on BR2_USE_WCHAR
+ select BR2_PACKAGE_LIBPCAP
+ select BR2_PACKAGE_MUSL_FTS if !BR2_TOOLCHAIN_USES_GLIBC
+ select BR2_PACKAGE_OPENSSL
+ select BR2_PACKAGE_ZLIB
+ help
+ The Zeek Network Security Monitor
+
+ Zeek is a powerful network analysis framework that is much
+ different from the typical IDS you may know. (Zeek is the new
+ name for the long-established Bro system.)
+
+ https://www.zeek.org
+
+if BR2_PACKAGE_ZEEK
+
+config BR2_PACKAGE_ZEEK_ZEEKCTL
+ bool "zeekctl"
+ depends on BR2_PACKAGE_PYTHON3
+ select BR2_PACKAGE_BASH # runtime
+ select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash
+ select BR2_PACKAGE_PYTHON3_CURSES
+ select BR2_PACKAGE_PYTHON3_HASHLIB
+ select BR2_PACKAGE_PYTHON3_SQLITE
+ select BR2_PACKAGE_PYTHON3_ZLIB
+ help
+ Tool for managing Zeek deployments
+
+comment "zeekctl tools needs python3"
+ depends on !BR2_PACKAGE_PYTHON3
+
+endif
+
+comment "zeek needs a toolchain w/ C++, wchar, threads, dynamic library"
+ depends on BR2_USE_MMU
+ depends on !BR2_INSTALL_LIBSTDCPP || !BR2_USE_WCHAR || \
+ !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS
diff --git a/package/zeek/zeek.hash b/package/zeek/zeek.hash
new file mode 100644
index 0000000000..05e57b5024
--- /dev/null
+++ b/package/zeek/zeek.hash
@@ -0,0 +1,6 @@
+# Locally computed:
+sha256 8c0afc999a8dd1c1f677a5cf818479b99c2d527e679e1ef99fb1b03f989c0373 zeek-4.1.1.tar.gz
+
+# Hash for license files:
+sha256 b2817e2fb935805ec9fc0e90c6b971efd810d9aedfc646bc5fcb535221e0266a COPYING
+sha256 1a451eca7b3826a7df62991ba90dd6d23ff03d28c2eefb7f8c4f8b1eac97a61b COPYING.3rdparty
diff --git a/package/zeek/zeek.mk b/package/zeek/zeek.mk
new file mode 100644
index 0000000000..1e30b9d95f
--- /dev/null
+++ b/package/zeek/zeek.mk
@@ -0,0 +1,93 @@
+################################################################################
+#
+# zeek
+#
+################################################################################
+
+ZEEK_VERSION = 4.1.1
+ZEEK_SITE = https://download.zeek.org
+ZEEK_LICENSE = \
+ BSD-3-Clause (zeek, C++ Actor Framework, ConvertUTF.c, CardinalityCounter.cc, pybind11), \
+ Public Domain (sqlite), \
+ MIT (doctest, libkqueue, RapidJSON, tsl-ordered-map, bro_inet_ntop.c), \
+ LGPL-3.0+ (Multifast Project), \
+ BSD-2-Clause (event.h), \
+ BSD-3-Clause (in_cksum.cc) \
+ BSD-4-Clause (Patricia.c, strsep.c, bsd-getopt-long.c), \
+ Apache-2.0 (highwayhash, folly), \
+ MPL-2.0 (mozilla-ca-list.zeek)
+ZEEK_LICENSE_FILES = COPYING COPYING.3rdparty
+ZEEK_SUPPORTS_IN_SOURCE_BUILD = NO
+ZEEK_DEPENDENCIES = \
+ host-bison \
+ host-flex \
+ host-pkgconf \
+ host-python3 \
+ host-zeek \
+ $(if $(BR2_PACKAGE_LIBKRB5),libkrb5) \
+ $(if $(BR2_PACKAGE_LIBMAXMINDDB),libmaxminddb) \
+ libpcap \
+ openssl \
+ $(if $(BR2_PACKAGE_ROCKSDB),rocksdb) \
+ zlib
+HOST_ZEEK_DEPENDENCIES = \
+ host-bison \
+ host-flex \
+ host-pkgconf \
+ host-python3 \
+ host-libpcap \
+ host-openssl \
+ host-zlib
+
+ZEEK_CONF_OPTS = \
+ -DBIFCL_EXE_PATH=$(HOST_DIR)/bin/bifcl \
+ -DBINPAC_EXE_PATH=$(HOST_DIR)/bin/binpac \
+ -DBROKER_DISABLE_DOCS=ON \
+ -DBROKER_DISABLE_TESTS=ON \
+ -DINSTALL_AUX_TOOLS=ON \
+ -DZEEK_ETC_INSTALL_DIR=/etc
+
+define ZEEK_FIX_PYTHON_PATH
+ $(SED) 's, at PYTHON_EXECUTABLE@,/usr/bin/python,' \
+ $(@D)/auxil/zeekctl/ZeekControl/ssh_runner.py
+endef
+
+ZEEK_POST_INSTALL_TARGET_HOOKS += ZEEK_FIX_PYTHON_PATH
+
+ifeq ($(BR2_PACKAGE_JEMALLOC),y)
+ZEEK_DEPENDENCIES += jemalloc
+ZEEK_CONF_OPTS += -DENABLE_JEMALLOC=ON
+else
+ZEEK_CONF_OPTS += -DENABLE_JEMALLOC=OFF
+endif
+
+ifeq ($(BR2_PACKAGE_ZEEK_ZEEKCTL),y)
+ZEEK_DEPENDENCIES += \
+ host-swig \
+ $(if $(BR2_PACKAGE_PYTHON3),python3)
+ZEEK_CONF_OPTS += \
+ -DDISABLE_PYTHON_BINDINGS=OFF \
+ -DINSTALL_ZEEKCTL=ON \
+ -DPY_MOD_INSTALL_DIR=/usr/lib/zeekctl
+else
+ZEEK_CONF_OPTS += \
+ -DDISABLE_PYTHON_BINDINGS=ON \
+ -DINSTALL_ZEEKCTL=OFF
+endif
+
+ifneq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
+ZEEK_DEPENDENCIES += musl-fts
+ZEEK_CONF_OPTS += -DCMAKE_EXE_LINKER_FLAGS=-lfts
+endif
+
+HOST_ZEEK_MAKE_OPTS = binpac bifcl
+
+define HOST_ZEEK_INSTALL_CMDS
+ $(INSTALL) -D -m 0755 $(HOST_ZEEK_BUILDDIR)/auxil/bifcl/bifcl \
+ $(HOST_DIR)/bin/bifcl
+ $(INSTALL) -D -m 0755 $(HOST_ZEEK_BUILDDIR)/auxil/binpac/src/binpac \
+ $(HOST_DIR)/bin/binpac
+endef
+
+$(eval $(cmake-package))
+$(eval $(host-cmake-package))
--
2.33.0
More information about the buildroot
mailing list