File suricata.spec of Package suricata

%define realname suricata
%define realver  5.0.0
%define srcext   tar.gz

%define sc_ver   1.0

%define htp_ver     0.5.31
%define htp_so_ver  2

%define rulesdir    %{_localstatedir}/lib/suricata/rules

# turn off the generation of debuginfo rpm  (RH9) ??
%global debug_package %{nil}

%if ! 0%{?_fillupdir:1}
%global _fillupdir /var/adm/fillup-templates
%endif

%if ! 0%{?py_ver:1}
%define py_ver %(python -c "import sys; v=sys.version_info[:2]; print '%%d.%%d'%%v" 2>/dev/null || echo PYTHON-NOT-FOUND)
%endif

# Common info
Name:          %{realname}
Version:       %{realver}
Release:       wiz%{?extraver:0.}1%{?dist}
License:       GPL-2.0
Group:         Productivity/Networking/Security
URL:           http://suricata-ids.org/
Summary:       High performance Network IDS, IPS and Network Security Monitoring engine

# Install-time parameters
%if 0%{?suse_version} || 0%{?rhel} >= 8
Recommends:    suricata-rules
%else
Requires:      suricata-rules
%endif
Requires:      python(abi) = %{py_ver}
Provides:      python-suricata = %{version}-%{release}
Provides:      python-suricata-update

# Build-time parameters
BuildRequires: pkg-config python
BuildRequires: cargo rust
BuildRequires: zlib-devel
BuildRequires: pcre-devel
BuildRequires: yaml-devel
BuildRequires: libjansson-devel >= 2.2
BuildRequires: libnfnetlink-devel libnetfilter_log-devel libnetfilter_queue-devel
BuildRequires: libprelude-devel
BuildRequires: libnet-devel
BuildRequires: libpcap-devel
BuildRequires: libcap-ng-devel
BuildRequires: file-devel
BuildRequires: libmaxminddb-devel
BuildRequires: libevent-devel
BuildRequires: hiredis-devel
BuildRequires: lz4-devel
BuildRequires: pkgconfig(libhs)
BuildRequires: pkgconfig(nspr)
BuildRequires: pkgconfig(nss)
BuildRequires: pkgconfig(luajit)
BuildRequires: python-yaml
BuildRequires: python-Sphinx python-packaging python-setuptools
BuildRoot:     %{_tmppath}/%{name}-root
Source0:       http://www.openinfosecfoundation.org/download/%{realname}-%{realver}%{?extraver}.%{srcext}
Source11:      suricata.sysconfig
Source12:      suricata.init

%description
Suricata is a high performance Network IDS, IPS and Network Security Monitoring
engine. Open Source and owned by a community run non-profit foundation,
the Open Information Security Foundation (OISF).

%package -n suricatasc
Version:       %{sc_ver}
Group:         Productivity/Networking/Security
Summary:       Client for Suricata unix socket
Requires:      suricata
Requires:      python(abi) = %{py_ver}
Provides:      python-suricatasc = %{sc_ver}

%description -n suricatasc
Command-line client for Suricata unix socket.

%package -n libhtp%{?htp_so_ver}
Version:       %{htp_ver}
Group:         System/Libraries
Summary:       A security-aware HTTP parser, designed for use in IDS/IPS and WAF products
Provides:      libhtp = %{htp_ver}-%{release}
Obsoletes:     libhtp < %{htp_ver}-%{release}

%description -n libhtp%{?htp_so_ver}
LibHTP is a security-aware parser for the HTTP protocol and the related bits
and pieces.

%package -n libhtp-devel
Version:       %{htp_ver}
Group:         Development/Languages/C and C++
Summary:       Development files for libhtp%{?htp_so_ver}
Provides:      libhtp%{?htp_so_ver}-devel
Requires:      libhtp%{?htp_so_ver} = %{htp_ver}-%{release}

%description -n libhtp-devel
Development files for libhtp%{?htp_so_ver}.

LibHTP is a security-aware parser for the HTTP protocol and the related bits
and pieces.

%prep
%setup -q -n %{realname}-%{realver}%{?extraver}

%build
%configure \
 --disable-static \
 --enable-python \
 --enable-gccprotect \
 \
 --enable-unix-socket \
 --enable-nflog \
 --enable-nfqueue \
 --enable-luajit \
 --enable-geoip \
 --enable-pie \
 --enable-hiredis \
 CFLAGS="%{optflags} %{gcc_lto}" \
 CXXFLAGS="%{optflags} %{gcc_lto}" \
 LDFLAGS="-Wl,--as-needed -Wl,--strip-all %{gcc_lto}"
%{__make} %{?_smp_mflags}

%install
%{__make} install install-conf DESTDIR=%{buildroot}
%{__install} -d -m755 %{buildroot}%{rulesdir}
%{__install} -d -m755 %{buildroot}/var/log/suricata/
%{__install} -d -m755 %{buildroot}/var/run/suricata/
%{__install} -m0644 rules/*.rules %{buildroot}%{rulesdir}
%{__rm} -rf %{buildroot}%{_datadir}/doc/%{name}
%{__python} -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %{buildroot}%{python_sitelib}/suricatasc/
%{__install} -D -m755 %{S:12} %{buildroot}%{_initrddir}/suricata
%if %{expand:%_vendor == "suse"}
%{__install} -d -m755 %{buildroot}%{_sbindir}
%{__ln_s} %{_initrddir}/suricata %{buildroot}%{_sbindir}/rcsuricata
%{__install} -D -m644 %{S:11} %{buildroot}%{_fillupdir}/sysconfig.suricata
%else
%{__install} -D -m644 %{S:11} %{buildroot}%{_sysconfdir}/sysconfig/suricata
%endif
# Fix compiled python modules (remove buildroot)
[ "%{buildroot}" != "/" ] && find %{buildroot}%{python_sitelib} \( -name \*.pyc -o -name \*.pyo \) -delete
cd %{buildroot}%{python_sitelib}/suricata/
python -m compileall
cd %{buildroot}%{python_sitelib}/suricatasc/
python -m compileall

%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}

%files
%defattr(-,root,root)
%doc doc/AUTHORS COPYING LICENSE
%dir %{_sysconfdir}/suricata/
%config(noreplace) %{_sysconfdir}/suricata/suricata.yaml
%config(noreplace) %{_sysconfdir}/suricata/classification.config
%config(noreplace) %{_sysconfdir}/suricata/reference.config
%config(noreplace) %{_sysconfdir}/suricata/threshold.config
%{_initrddir}/suricata
%if %{expand:%_vendor == "suse"}
%{_sbindir}/rcsuricata
%{_fillupdir}/sysconfig.suricata
%else
%config(noreplace) %{_sysconfdir}/sysconfig/suricata
%endif
%{_bindir}/suricata
%{_bindir}/suricata-update
%{_bindir}/suricatactl
%{python_sitelib}/%{name}/
%{python_sitelib}/%{name}-*-py%{py_ver}.egg-info
%{python_sitelib}/suricata_update-*-py%{py_ver}.egg-info
%dir %{_datadir}/suricata/rules
%dir %{_datadir}/suricata
%{_datadir}/suricata/rules/*.rules
%{_datadir}/suricata/*.config
%dir %{rulesdir}
%{rulesdir}/*.rules
%dir /var/log/suricata/
%doc %{_mandir}/man1/suricata.1*
%ghost %dir /var/run/suricata/

%files -n suricatasc
%defattr(-,root,root)
%{_bindir}/suricatasc
%{python_sitelib}/suricatasc/

%files -n libhtp%{?htp_so_ver}
%defattr(-,root,root)
%doc libhtp/AUTHORS libhtp/LICENSE libhtp/README
%{_libdir}/libhtp.so.%{?htp_so_ver}*

%files -n libhtp-devel
%defattr(-,root,root)
%doc libhtp/AUTHORS libhtp/LICENSE libhtp/README libhtp/docs/QUICK_START
%{_libdir}/pkgconfig/htp.pc
%{_libdir}/libhtp*.so
%dir %{_includedir}/htp/lzma
%dir %{_includedir}/htp
%{_includedir}/htp/lzma/*.h
%{_includedir}/htp/*.h
%exclude %{_libdir}/libhtp*.la

%if 0%{?suse_version}
%post
%{fillup_and_insserv -n %{name}}

%preun
%{stop_on_removal %{name}}

%postun
%{restart_on_update %{name}}
%{insserv_cleanup}
%endif

%post   -n libhtp%{?htp_so_ver} -p /sbin/ldconfig
%postun -n libhtp%{?htp_so_ver} -p /sbin/ldconfig

%changelog