diff options
author | Mario Rodas <marsam@users.noreply.github.com> | 2023-02-05 17:37:11 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-05 17:37:11 -0500 |
commit | 28116031e25579216521f7b091160cb0f355e058 (patch) | |
tree | 963013fa81592a7c11bfa4e071b04299eb0c3382 | |
parent | 5f5d853fa801104b9d29e1ee70aba11d01a98b53 (diff) | |
parent | 6baa1be942156074820eb401bff40eccfc6b7cbe (diff) |
Merge pull request #180653 from tobim/pkgs/zeek-5.0.0
zeek: 4.2.2 -> 5.1.2
9 files changed, 340 insertions, 8 deletions
diff --git a/pkgs/applications/networking/ids/zeek/avoid-broken-tests.patch b/pkgs/applications/networking/ids/zeek/avoid-broken-tests.patch new file mode 100644 index 0000000000000..4784e6790fc3f --- /dev/null +++ b/pkgs/applications/networking/ids/zeek/avoid-broken-tests.patch @@ -0,0 +1,16 @@ +diff --git a/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt b/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt +index bafbabf1..0579f20a 100644 +--- a/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt ++++ b/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt +@@ -188,11 +188,3 @@ install_headers(include hilti) + install_headers(${PROJECT_BINARY_DIR}/include/hilti hilti) + install(CODE "file(REMOVE \"\$ENV\{DESTDIR\}${CMAKE_INSTALL_FULL_INCLUDEDIR}/hilti/hilti\")" + )# Get rid of symlink. +- +-##### Tests +- +-add_executable(hilti-toolchain-tests tests/main.cc tests/id-base.cc tests/visitor.cc tests/util.cc) +-hilti_link_executable_in_tree(hilti-toolchain-tests PRIVATE) +-target_link_libraries(hilti-toolchain-tests PRIVATE doctest) +-target_compile_options(hilti-toolchain-tests PRIVATE "-Wall") +-add_test(NAME hilti-toolchain-tests COMMAND ${PROJECT_BINARY_DIR}/bin/hilti-toolchain-tests) diff --git a/pkgs/applications/networking/ids/zeek/broker/0001-Fix-include-path-in-exported-CMake-targets.patch b/pkgs/applications/networking/ids/zeek/broker/0001-Fix-include-path-in-exported-CMake-targets.patch new file mode 100644 index 0000000000000..07b95960ef857 --- /dev/null +++ b/pkgs/applications/networking/ids/zeek/broker/0001-Fix-include-path-in-exported-CMake-targets.patch @@ -0,0 +1,75 @@ +From 889ee4dd9e778511e2fb850e6467f55a331cded9 Mon Sep 17 00:00:00 2001 +From: Tobias Mayer <tobim@fastmail.fm> +Date: Sun, 13 Nov 2022 19:06:00 +0100 +Subject: [PATCH] Fix include path in exported CMake targets + +--- + CMakeLists.txt | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index e22b77aa..77a15314 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -209,7 +209,6 @@ if (CAF_ROOT) + else() + find_package(CAF REQUIRED COMPONENTS openssl test io core net) + endif() +- list(APPEND LINK_LIBS CAF::core CAF::io CAF::net) + set(BROKER_USE_EXTERNAL_CAF ON) + else () + message(STATUS "Using bundled CAF") +@@ -243,22 +242,18 @@ endif () + + # Make sure there are no old header versions on disk. + install( +- CODE "MESSAGE(STATUS \"Removing: ${CMAKE_INSTALL_PREFIX}/include/broker\")" +- CODE "file(REMOVE_RECURSE \"${CMAKE_INSTALL_PREFIX}/include/broker\")") ++ CODE "MESSAGE(STATUS \"Removing: ${CMAKE_FULL_INSTALL_INCLUDEDIR}/broker\")" ++ CODE "file(REMOVE_RECURSE \"${CMAKE_FULL_INSTALL_INCLUDEDIR}/broker\")") + + # Install all headers except the files from broker/internal. + install(DIRECTORY include/broker +- DESTINATION include ++ DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}" + FILES_MATCHING PATTERN "*.hh" + PATTERN "include/broker/internal" EXCLUDE) + +-include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/include) +- +-include_directories(${CMAKE_CURRENT_BINARY_DIR}/include) +- + configure_file(${CMAKE_CURRENT_SOURCE_DIR}/src/config.hh.in + ${CMAKE_CURRENT_BINARY_DIR}/include/broker/config.hh) +-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/include/broker/config.hh DESTINATION include/broker) ++install(FILES ${CMAKE_CURRENT_BINARY_DIR}/include/broker/config.hh DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/broker") + + if (NOT BROKER_EXTERNAL_SQLITE_TARGET) + include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty) +@@ -360,6 +355,11 @@ if (ENABLE_SHARED) + OUTPUT_NAME broker) + target_link_libraries(broker PUBLIC ${LINK_LIBS}) + target_link_libraries(broker PRIVATE CAF::core CAF::io CAF::net) ++ target_include_directories( ++ broker PUBLIC ++ $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include> ++ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include> ++ $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>) + install(TARGETS broker + EXPORT BrokerTargets + DESTINATION ${CMAKE_INSTALL_LIBDIR}) +@@ -373,6 +373,11 @@ if (ENABLE_STATIC) + endif() + target_link_libraries(broker_static PUBLIC ${LINK_LIBS}) + target_link_libraries(broker_static PRIVATE CAF::core CAF::io CAF::net) ++ target_include_directories( ++ broker_static PUBLIC ++ $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}/include> ++ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include> ++ $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>) + install(TARGETS broker_static + EXPORT BrokerTargets + DESTINATION ${CMAKE_INSTALL_LIBDIR}) +-- +2.38.1 + diff --git a/pkgs/applications/networking/ids/zeek/broker/default.nix b/pkgs/applications/networking/ids/zeek/broker/default.nix new file mode 100644 index 0000000000000..cb10e43933aa7 --- /dev/null +++ b/pkgs/applications/networking/ids/zeek/broker/default.nix @@ -0,0 +1,88 @@ +{ stdenv +, lib +, callPackage +, fetchFromGitHub +, cmake +, pkg-config +, python3 +, caf +, openssl +}: +let + inherit (stdenv.hostPlatform) isStatic; + + src-cmake = fetchFromGitHub { + owner = "zeek"; + repo = "cmake"; + rev = "0b7a543554622600bc0a42b57a22f291a4fbd86c"; + hash = "sha256-kaBOBTpfR3XyuF4PW5NQKca/UhXXxJJcXVsErFU1VYY="; + }; + src-3rdparty = fetchFromGitHub { + owner = "zeek"; + repo = "zeek-3rdparty"; + rev = "eb87829547270eab13c223e6de58b25bc9a0282e"; + hash = "sha256-AVaKcRjF5ZiSR8aPSLBzSTeWVwGWW/aSyQJcN0Yhza0="; + }; + caf' = caf.overrideAttrs (old: { + version = "unstable-2022-11-17-zeek"; + src = fetchFromGitHub { + owner = "zeek"; + repo = "actor-framework"; + rev = "dbb68b4573736d7aeb69268cc73aa766c998b3dd"; + hash = "sha256-RV2mKF3B47h/hDgK/D1UJN/ll2G5rcPkHaLVY1/C/Pg="; + }; + checkPhase = '' + runHook preCheck + libcaf_core/caf-core-test + libcaf_io/caf-io-test + libcaf_openssl/caf-openssl-test + libcaf_net/caf-net-test --not-suites='net.*' + runHook postCheck + ''; + }); +in +stdenv.mkDerivation rec { + pname = "zeek-broker"; + version = "2.4.2"; + outputs = [ "out" "py" ]; + + strictDeps = true; + + src = fetchFromGitHub { + owner = "zeek"; + repo = "broker"; + rev = "v${version}"; + hash = "sha256-y07fJEVPDGPv5VThE45SwM342VS6LnEtMvazZHadM/k="; + }; + postUnpack = '' + rmdir $sourceRoot/cmake $sourceRoot/3rdparty + ln -s ${src-cmake} ''${sourceRoot}/cmake + ln -s ${src-3rdparty} ''${sourceRoot}/3rdparty + + # Refuses to build the bindings unless this file is present, but never + # actually uses it. + touch $sourceRoot/bindings/python/3rdparty/pybind11/CMakeLists.txt + ''; + + patches = [ + ./0001-Fix-include-path-in-exported-CMake-targets.patch + ]; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ openssl python3.pkgs.pybind11 ]; + propagatedBuildInputs = [ caf' ]; + + cmakeFlags = [ + "-DCAF_ROOT=${caf'}" + "-DENABLE_STATIC_ONLY:BOOL=${if isStatic then "ON" else "OFF"}" + "-DPY_MOD_INSTALL_DIR=${placeholder "py"}/${python3.sitePackages}/" + ]; + + meta = with lib; { + description = "Zeek's Messaging Library"; + homepage = "https://github.com/zeek/broker"; + license = licenses.bsd3; + platforms = platforms.unix; + maintainers = with maintainers; [ tobim ]; + }; +} diff --git a/pkgs/applications/networking/ids/zeek/debug-runtime-undef-fortify-source.patch b/pkgs/applications/networking/ids/zeek/debug-runtime-undef-fortify-source.patch new file mode 100644 index 0000000000000..18aef601325dc --- /dev/null +++ b/pkgs/applications/networking/ids/zeek/debug-runtime-undef-fortify-source.patch @@ -0,0 +1,26 @@ +diff --git a/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt b/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt +index f154901c..76563717 100644 +--- a/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt ++++ b/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt +@@ -69,7 +69,7 @@ target_compile_definitions(hilti-rt-objects PRIVATE "HILTI_RT_BUILD_TYPE_RELEASE + # Build hilti-rt-debug with debug flags. + string(REPLACE " " ";" cxx_flags_debug ${CMAKE_CXX_FLAGS_DEBUG}) + target_compile_options(hilti-rt-debug-objects PRIVATE ${cxx_flags_debug}) +-target_compile_options(hilti-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall") ++target_compile_options(hilti-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall;-U_FORTIFY_SOURCE") + target_compile_definitions(hilti-rt-debug-objects PRIVATE "HILTI_RT_BUILD_TYPE_DEBUG") + + add_library(hilti-rt-tests-library-dummy1 SHARED src/tests/library-dummy.cc) +diff --git a/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt b/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt +index 20e7d291..9712341f 100644 +--- a/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt ++++ b/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt +@@ -48,7 +48,7 @@ target_link_libraries(spicy-rt-objects PUBLIC hilti-rt-objects) + # Build spicy-rt-debug with debug flags. + string(REPLACE " " ";" cxx_flags_debug ${CMAKE_CXX_FLAGS_DEBUG}) + target_compile_options(spicy-rt-debug-objects PRIVATE ${cxx_flags_debug}) +-target_compile_options(spicy-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall") ++target_compile_options(spicy-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall;-U_FORTIFY_SOURCE") + target_compile_definitions(spicy-rt-debug-objects PRIVATE "HILTI_RT_BUILD_TYPE_DEBUG") + target_link_libraries(spicy-rt-debug-objects PUBLIC hilti-rt-debug-objects) + diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix index ddeb03698e953..0bacf8ce03c4c 100644 --- a/pkgs/applications/networking/ids/zeek/default.nix +++ b/pkgs/applications/networking/ids/zeek/default.nix @@ -1,10 +1,13 @@ { lib , stdenv +, callPackage , fetchurl , cmake , flex , bison +, spicy-parser-generator , openssl +, libkqueue , libpcap , zlib , file @@ -16,46 +19,69 @@ , gettext , coreutils , ncurses -, caf }: +let + broker = callPackage ./broker { }; +in stdenv.mkDerivation rec { pname = "zeek"; - version = "4.2.2"; + version = "5.1.2"; src = fetchurl { url = "https://download.zeek.org/zeek-${version}.tar.gz"; - sha256 = "sha256-9Q3X24uAmnSnLUAklK+gC0Mu8eh81ZE2h/7uIVc8cAw="; + sha256 = "sha256-1DvXUcTbLBm9UjJXuk8DjGEj+lED+s9D+SNnSqA3bwU="; }; + strictDeps = true; + + patches = [ + ./avoid-broken-tests.patch + ./debug-runtime-undef-fortify-source.patch + ./fix-installation.patch + ]; + nativeBuildInputs = [ bison cmake file flex + python3 ]; buildInputs = [ + broker + spicy-parser-generator curl gperftools + libkqueue libmaxminddb libpcap ncurses openssl - python3 swig zlib ] ++ lib.optionals stdenv.isDarwin [ gettext ]; - outputs = [ "out" "lib" "py" ]; + postPatch = '' + patchShebangs ./auxil/spicy/spicy/scripts + + substituteInPlace auxil/spicy/CMakeLists.txt --replace "hilti-toolchain-tests" "" + substituteInPlace auxil/spicy/spicy/hilti/CMakeLists.txt --replace "hilti-toolchain-tests" "" + ''; cmakeFlags = [ - "-DCAF_ROOT=${caf}" - "-DZEEK_PYTHON_DIR=${placeholder "py"}/lib/${python3.libPrefix}/site-packages" + "-DBroker_ROOT=${broker}" + "-DSPICY_ROOT_DIR=${spicy-parser-generator}" + "-DLIBKQUEUE_ROOT_DIR=${libkqueue}" "-DENABLE_PERFTOOLS=true" "-DINSTALL_AUX_TOOLS=true" + "-DZEEK_ETC_INSTALL_DIR=/etc/zeek" + "-DZEEK_LOG_DIR=/var/log/zeek" + "-DZEEK_STATE_DIR=/var/lib/zeek" + "-DZEEK_SPOOL_DIR=/var/spool/zeek" ]; postInstall = '' @@ -70,6 +96,10 @@ stdenv.mkDerivation rec { done ''; + passthru = { + inherit broker; + }; + meta = with lib; { description = "Network analysis framework much different from a typical IDS"; homepage = "https://www.zeek.org"; diff --git a/pkgs/applications/networking/ids/zeek/fix-installation.patch b/pkgs/applications/networking/ids/zeek/fix-installation.patch new file mode 100644 index 0000000000000..6360a11730517 --- /dev/null +++ b/pkgs/applications/networking/ids/zeek/fix-installation.patch @@ -0,0 +1,28 @@ +From f8c42a712db42cfd00fca75be2ce63c3aad2aad1 Mon Sep 17 00:00:00 2001 +From: Tobias Mayer <tobim@fastmail.fm> +Date: Sun, 13 Nov 2022 21:48:36 +0100 +Subject: [PATCH] Fix installation + +--- + CMakeLists.txt | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 846b65efd..d8b0be169 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -81,11 +81,6 @@ if ( NOT ZEEK_LOG_DIR ) + set(ZEEK_LOG_DIR ${ZEEK_ROOT_DIR}/logs) + endif () + +-install(DIRECTORY DESTINATION ${ZEEK_ETC_INSTALL_DIR}) +-install(DIRECTORY DESTINATION ${ZEEK_STATE_DIR}) +-install(DIRECTORY DESTINATION ${ZEEK_SPOOL_DIR}) +-install(DIRECTORY DESTINATION ${ZEEK_LOG_DIR}) +- + configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev) + execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink + "${CMAKE_CURRENT_BINARY_DIR}/zeek-wrapper.in" +-- +2.37.3 + diff --git a/pkgs/development/tools/parsing/spicy/default.nix b/pkgs/development/tools/parsing/spicy/default.nix new file mode 100644 index 0000000000000..f379a1ed05175 --- /dev/null +++ b/pkgs/development/tools/parsing/spicy/default.nix @@ -0,0 +1,67 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +, makeWrapper +, python3 +, bison +, flex +, zlib +}: + +stdenv.mkDerivation rec { + pname = "spicy"; + version = "1.5.3"; + + strictDeps = true; + + src = fetchFromGitHub { + owner = "zeek"; + repo = "spicy"; + rev = "v${version}"; + hash = "sha256-eCF914QEBBqg3LfM3N22c7W0TMOhuHqLxncpAG+8FjU="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ + cmake + makeWrapper + python3 + ]; + + buildInputs = [ + bison + flex + zlib + ]; + + postPatch = '' + patchShebangs scripts tests/scripts + ''; + + cmakeFlags = [ + "-DHILTI_DEV_PRECOMPILE_HEADERS=OFF" + ]; + + preFixup = '' + for b in $out/bin/* + do wrapProgram "$b" --prefix PATH : "${lib.makeBinPath [ bison flex ]}" + done + ''; + + meta = with lib; { + homepage = "https://github.com/zeek/spicy"; + description = "A C++ parser generator for dissecting protocols & files"; + longDescription = '' + Spicy is a parser generator that makes it easy to create robust C++ + parsers for network protocols, file formats, and more. Spicy is a bit + like a "yacc for protocols", but it's much more than that: It's an + all-in-one system enabling developers to write attributed grammars that + describe both syntax and semantics of an input format using a single, + unified language. Think of Spicy as a domain-specific scripting language + for all your parsing needs. + ''; + license = licenses.bsd3; + maintainers = with maintainers; [ tobim ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 9ad4750ce3992..1c3879d83676f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18515,6 +18515,8 @@ with pkgs; speedtest-cli = with python3Packages; toPythonApplication speedtest-cli; + spicy-parser-generator = callPackage ../development/tools/parsing/spicy { }; + spin = callPackage ../development/tools/analysis/spin { }; spirv-headers = callPackage ../development/libraries/spirv-headers { }; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 012367aba7082..6413eba3ba01e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -12588,7 +12588,7 @@ self: super: with self; { zdaemon = callPackage ../development/python-modules/zdaemon { }; - zeek = (toPythonModule (pkgs.zeek.override { + zeek = (toPythonModule (pkgs.zeek.broker.override { python3 = python; })).py; |