suricata: add tmpfiles.d config

This is needed to ensure our /var/log directory is created when using systemd. Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Christopher Larson <chris_larson@mentor.com> 2019-11-25 21:41:12 +0500
committer: Armin Kuster <akuster808@gmail.com> 2020-01-04 15:46:27 -0800
commit: 6e4339f350df7ab44f61441fb3192e6460f469a6 (patch)
tree: d3e5ec14367dcd4dc58f91bbc203dc5b4c6ede70
parent: 08d63c5241f27f4ae33f3aee5515b4469176126e (diff)
download: meta-security-6e4339f350df7ab44f61441fb3192e6460f469a6.tar.gz
2 files changed, 20 insertions, 10 deletions
diff --git a/recipes-ids/suricata/files/tmpfiles.suricata b/recipes-ids/suricata/files/tmpfiles.suricata
new file mode 100644
index 0000000..fbf3784
--- /dev/null
+++ b/recipes-ids/suricata/files/tmpfiles.suricata
@@ -0,0 +1,2 @@
+#Type Path        Mode UID  GID  Age Argument
+d /var/log/suricata 0755 root root
diff --git a/recipes-ids/suricata/suricata_4.1.5.bb b/recipes-ids/suricata/suricata_4.1.5.bb
index e15a9a3..b2700d6 100644
--- a/recipes-ids/suricata/suricata_4.1.5.bb
+++ b/recipes-ids/suricata/suricata_4.1.5.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd
 SRC_URI += " \
    file://volatiles.03_suricata \
+    file://tmpfiles.suricata \
    file://suricata.yaml \
    file://suricata.service \
    file://run-ptest \
@@ -59,14 +60,19 @@ do_install_append () {
    install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata
-    install -d ${D}${systemd_unitdir}/system
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-    sed  -e s:/etc:${sysconfdir}:g \
+        install -d ${D}${sysconfdir}/tmpfiles.d
-         -e s:/var/run:/run:g \
+        install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf
-         -e s:/var:${localstatedir}:g \
-         -e s:/usr/bin:${bindir}:g \
+        install -d ${D}${systemd_unitdir}/system
-         -e s:/bin/kill:${base_bindir}/kill:g \
+        sed  -e s:/etc:${sysconfdir}:g \
-         -e s:/usr/lib:${libdir}:g \
+             -e s:/var/run:/run:g \
-         ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
+             -e s:/var:${localstatedir}:g \
+             -e s:/usr/bin:${bindir}:g \
+             -e s:/bin/kill:${base_bindir}/kill:g \
+             -e s:/usr/lib:${libdir}:g \
+             ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
+    fi
    # Remove /var/run as it is created on startup
    rm -rf ${D}${localstatedir}/run
@@ -74,7 +80,9 @@ do_install_append () {
 }
 pkg_postinst_ontarget_${PN} () {
-if [ -e /etc/init.d/populate-volatile.sh ] ; then
+if command -v systemd-tmpfiles >/dev/null; then
+    systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf
+elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
    ${sysconfdir}/init.d/populate-volatile.sh update
 fi
 }
@@ -82,7 +90,7 @@ fi
 SYSTEMD_PACKAGES = "${PN}"
 PACKAGES =+ "${PN}-socketcontrol"
-FILES_${PN} += "${systemd_unitdir}"
+FILES_${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
 FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
 CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"
author	Christopher Larson <chris_larson@mentor.com>	2019-11-25 21:41:12 +0500
committer	Armin Kuster <akuster808@gmail.com>	2020-01-04 15:46:27 -0800
commit	6e4339f350df7ab44f61441fb3192e6460f469a6 (patch)
tree	d3e5ec14367dcd4dc58f91bbc203dc5b4c6ede70
parent	08d63c5241f27f4ae33f3aee5515b4469176126e (diff)
download	meta-security-6e4339f350df7ab44f61441fb3192e6460f469a6.tar.gz

diff --git a/recipes-ids/suricata/files/tmpfiles.suricata b/recipes-ids/suricata/files/tmpfiles.suricata new file mode 100644 index 0000000..fbf3784 --- /dev/null +++ b/recipes-ids/suricata/files/tmpfiles.suricata
@@ -0,0 +1,2 @@
		1	#Type Path Mode UID GID Age Argument
		2	d /var/log/suricata 0755 root root


diff --git a/recipes-ids/suricata/suricata_4.1.5.bb b/recipes-ids/suricata/suricata_4.1.5.bb index e15a9a3..b2700d6 100644 --- a/recipes-ids/suricata/suricata_4.1.5.bb +++ b/recipes-ids/suricata/suricata_4.1.5.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;beginline=1;endline=2;md5=c70d8d3310941dcdfcd
6		6
7	SRC_URI += " \	7	SRC_URI += " \
8	file://volatiles.03_suricata \	8	file://volatiles.03_suricata \
		9	file://tmpfiles.suricata \
9	file://suricata.yaml \	10	file://suricata.yaml \
10	file://suricata.service \	11	file://suricata.service \
11	file://run-ptest \	12	file://run-ptest \
@@ -59,14 +60,19 @@ do_install_append () {
59		60
60	install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata	61	install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata
61		62
62	install -d ${D}${systemd_unitdir}/system	63	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
63	sed -e s:/etc:${sysconfdir}:g \	64	install -d ${D}${sysconfdir}/tmpfiles.d
64	-e s:/var/run:/run:g \	65	install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf
65	-e s:/var:${localstatedir}:g \	66
66	-e s:/usr/bin:${bindir}:g \	67	install -d ${D}${systemd_unitdir}/system
67	-e s:/bin/kill:${base_bindir}/kill:g \	68	sed -e s:/etc:${sysconfdir}:g \
68	-e s:/usr/lib:${libdir}:g \	69	-e s:/var/run:/run:g \
69	${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service	70	-e s:/var:${localstatedir}:g \
		71	-e s:/usr/bin:${bindir}:g \
		72	-e s:/bin/kill:${base_bindir}/kill:g \
		73	-e s:/usr/lib:${libdir}:g \
		74	${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
		75	fi
70		76
71	# Remove /var/run as it is created on startup	77	# Remove /var/run as it is created on startup
72	rm -rf ${D}${localstatedir}/run	78	rm -rf ${D}${localstatedir}/run
@@ -74,7 +80,9 @@ do_install_append () {
74	}	80	}
75		81
76	pkg_postinst_ontarget_${PN} () {	82	pkg_postinst_ontarget_${PN} () {
77	if [ -e /etc/init.d/populate-volatile.sh ] ; then	83	if command -v systemd-tmpfiles >/dev/null; then
		84	systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf
		85	elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
78	${sysconfdir}/init.d/populate-volatile.sh update	86	${sysconfdir}/init.d/populate-volatile.sh update
79	fi	87	fi
80	}	88	}
@@ -82,7 +90,7 @@ fi
82	SYSTEMD_PACKAGES = "${PN}"	90	SYSTEMD_PACKAGES = "${PN}"
83		91
84	PACKAGES =+ "${PN}-socketcontrol"	92	PACKAGES =+ "${PN}-socketcontrol"
85	FILES_${PN} += "${systemd_unitdir}"	93	FILES_${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
86	FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"	94	FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
87		95
88	CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"	96	CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"