uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948 this can do it nicely. Signed-off-by: Anton Arapov <anton@deadbeef.mx>
2021-04-03 12:58:10 +02:00 · 2021-04-03 12:58:10 +02:00 · 56de2bcd43
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
--- a/pkgs/applications/networking/ids/daq/default.nix
+++ b/pkgs/applications/networking/ids/daq/default.nix
@ -0,0 +1,28 @@
+{ lib, stdenv, fetchurl, flex, bison, libpcap, libdnet, libnfnetlink, libnetfilter_queue}:
+
+stdenv.mkDerivation rec {
+  pname = "daq";
+  version = "2.2.2";
+
+  src = fetchurl {
+    name = "${pname}-${version}.tar.gz";
+    url = "https://snort.org/downloads/archive/snort/${pname}-${version}.tar.gz";
+    sha256 = "0yvzscy7vqj7s5rccza0f7p6awghfm3yaxihx1h57lqspg51in3w";
+  };
+
+  buildInputs = [ flex bison libpcap libdnet libnfnetlink libnetfilter_queue];
+
+  configureFlags = [
+    "--enable-nfq-module=yes"
+    "--with-dnet-includes=${libdnet}/includes"
+    "--with-dnet-libraries=${libdnet}/lib"
+  ];
+
+  meta = {
+    description = "Data AcQuisition library (DAQ), for packet I/O";
+    homepage = "https://www.snort.org";
+    maintainers = with lib.maintainers; [ aycanirican ];
+    license = lib.licenses.gpl2;
+    platforms = with lib.platforms; linux;
+  };
+}
--- a/pkgs/applications/networking/ids/snort/default.nix
+++ b/pkgs/applications/networking/ids/snort/default.nix
@ -0,0 +1,40 @@
+{lib, stdenv, pkg-config, luajit, openssl, fetchurl, libpcap, pcre, libdnet, daq, zlib, flex, bison, makeWrapper
+, libtirpc
+}:
+
+stdenv.mkDerivation rec {
+  version = "2.9.18";
+  pname = "snort";
+
+  src = fetchurl {
+    name = "${pname}-${version}.tar.gz";
+    url = "https://snort.org/downloads/archive/snort/${pname}-${version}.tar.gz";
+    sha256 = "0xrc7crchflfrk4x5dq5zx22zkmgcrbkww5r1pvkc3cyyr18cc6h";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = [ pkg-config luajit openssl libpcap pcre libdnet daq zlib flex bison libtirpc ];
+
+  NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ];
+
+  enableParallelBuilding = true;
+
+  configureFlags = [
+    "--disable-static-daq"
+    "--enable-control-socket"
+    "--with-daq-includes=${daq}/includes"
+    "--with-daq-libraries=${daq}/lib"
+  ];
+
+  postInstall = ''
+    wrapProgram $out/bin/snort --add-flags "--daq-dir ${daq}/lib/daq --dynamic-preprocessor-lib-dir $out/lib/snort_dynamicpreprocessor/ --dynamic-engine-lib-dir $out/lib/snort_dynamicengine"
+  '';
+
+  meta = {
+    description = "Network intrusion prevention and detection system (IDS/IPS)";
+    homepage = "https://www.snort.org";
+    maintainers = with lib.maintainers; [ aycanirican ];
+    license = lib.licenses.gpl2;
+    platforms = with lib.platforms; linux;
+  };
+}
--- a/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch
+++ b/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch
@ -0,0 +1,19 @@
+*** suricata-5.0.0/ebpf/Makefile.in	2019-10-16 22:39:13.174649416 +0200
+--- suricata-5.0.0/ebpf/Makefile.in.fixed	2019-10-16 22:38:41.822201802 +0200
+***************
+*** 527,533 ****
+  @BUILD_EBPF_TRUE@$(BPF_TARGETS): %.bpf: %.c
+  #      From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm)
+  @BUILD_EBPF_TRUE@	${CLANG} -Wall $(BPF_CFLAGS) -O2 \
+! @BUILD_EBPF_TRUE@		-I/usr/include/$(build_cpu)-$(build_os)/ \
+  @BUILD_EBPF_TRUE@		-D__KERNEL__ -D__ASM_SYSREG_H \
+  @BUILD_EBPF_TRUE@		-target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
+  #      From LLVM-IR to BPF-bytecode in ELF-obj file
+--- 527,533 ----
+  @BUILD_EBPF_TRUE@$(BPF_TARGETS): %.bpf: %.c
+  #      From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm)
+  @BUILD_EBPF_TRUE@	${CLANG} -Wall $(BPF_CFLAGS) -O2 \
+! @BUILD_EBPF_TRUE@		-idirafter ../bpf_stubs_workaround \
+  @BUILD_EBPF_TRUE@		-D__KERNEL__ -D__ASM_SYSREG_H \
+  @BUILD_EBPF_TRUE@		-target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
+  #      From LLVM-IR to BPF-bytecode in ELF-obj file
--- a/pkgs/applications/networking/ids/suricata/default.nix
+++ b/pkgs/applications/networking/ids/suricata/default.nix
@ -0,0 +1,158 @@
+{ stdenv
+, lib
+, fetchurl
+, clang
+, llvm
+, pkg-config
+, makeWrapper
+, file
+, hyperscan
+, jansson
+, libbpf
+, libcap_ng
+, libelf
+, libevent
+, libmaxminddb
+, libnet
+, libnetfilter_log
+, libnetfilter_queue
+, libnfnetlink
+, libpcap
+, libyaml
+, luajit
+, lz4
+, nspr
+, nss
+, pcre
+, python
+, zlib
+, redisSupport ? true, redis, hiredis
+, rustSupport ? true, rustc, cargo
+}: let
+  libmagic = file;
+  hyperscanSupport = stdenv.system == "x86_64-linux" || stdenv.system == "i686-linux";
+in
+stdenv.mkDerivation rec {
+  pname = "suricata";
+  version = "6.0.4";
+
+  src = fetchurl {
+    url = "https://www.openinfosecfoundation.org/download/${pname}-${version}.tar.gz";
+    sha256 = "sha256-qPGX4z0WeGieu/e8Gr6Ek0xGXSLFBMR8LH6bdKoELQ0=";
+  };
+
+  nativeBuildInputs = [
+    clang
+    llvm
+    makeWrapper
+    pkg-config
+  ]
+  ++ lib.optionals rustSupport [ rustc cargo ]
+  ;
+
+  buildInputs = [
+    jansson
+    libbpf
+    libcap_ng
+    libelf
+    libevent
+    libmagic
+    libmaxminddb
+    libnet
+    libnetfilter_log
+    libnetfilter_queue
+    libnfnetlink
+    libpcap
+    libyaml
+    luajit
+    lz4
+    nspr
+    nss
+    pcre
+    python
+    zlib
+  ]
+  ++ lib.optional hyperscanSupport hyperscan
+  ++ lib.optionals redisSupport [ redis hiredis ]
+  ;
+
+  enableParallelBuilding = true;
+
+  patches = lib.optional stdenv.is64bit ./bpf_stubs_workaround.patch;
+
+  postPatch = ''
+    substituteInPlace ./configure \
+      --replace "/usr/bin/file" "${file}/bin/file"
+    substituteInPlace ./libhtp/configure \
+      --replace "/usr/bin/file" "${file}/bin/file"
+
+    mkdir -p bpf_stubs_workaround/gnu
+    touch bpf_stubs_workaround/gnu/stubs-32.h
+  '';
+
+  configureFlags = [
+    "--disable-gccmarch-native"
+    "--enable-af-packet"
+    "--enable-ebpf"
+    "--enable-ebpf-build"
+    "--enable-gccprotect"
+    "--enable-geoip"
+    "--enable-luajit"
+    "--enable-nflog"
+    "--enable-nfqueue"
+    "--enable-pie"
+    "--disable-prelude"
+    "--enable-python"
+    "--enable-unix-socket"
+    "--localstatedir=/var"
+    "--sysconfdir=/etc"
+    "--with-libnet-includes=${libnet}/include"
+    "--with-libnet-libraries=${libnet}/lib"
+  ]
+  ++ lib.optionals hyperscanSupport [
+    "--with-libhs-includes=${hyperscan.dev}/include/hs"
+    "--with-libhs-libraries=${hyperscan}/lib"
+  ]
+  ++ lib.optional redisSupport "--enable-hiredis"
+  ++ lib.optionals rustSupport [
+    "--enable-rust"
+    "--enable-rust-experimental"
+  ];
+
+  postConfigure = ''
+    # Avoid unintended clousure growth.
+    sed -i 's|/nix/store/\(.\{8\}\)[^-]*-|/nix/store/\1...-|g' ./src/build-info.h
+  '';
+
+  hardeningDisable = [ "stackprotector" ];
+
+  installFlags = [
+    "e_localstatedir=\${TMPDIR}"
+    "e_logdir=\${TMPDIR}"
+    "e_logcertsdir=\${TMPDIR}"
+    "e_logfilesdir=\${TMPDIR}"
+    "e_rundir=\${TMPDIR}"
+    "e_sysconfdir=\${out}/etc/suricata"
+    "e_sysconfrulesdir=\${out}/etc/suricata/rules"
+    "localstatedir=\${TMPDIR}"
+    "runstatedir=\${TMPDIR}"
+    "sysconfdir=\${out}/etc"
+  ];
+
+  installTargets = [ "install" "install-conf" ];
+
+  postInstall = ''
+    wrapProgram "$out/bin/suricatasc" \
+      --prefix PYTHONPATH : $PYTHONPATH:$(toPythonPath "$out")
+    substituteInPlace "$out/etc/suricata/suricata.yaml" \
+      --replace "/etc/suricata" "$out/etc/suricata"
+  '';
+
+  meta = with lib; {
+    description = "A free and open source, mature, fast and robust network threat detection engine";
+    homepage = "https://suricata-ids.org";
+    license = licenses.gpl2;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ magenbluten ];
+  };
+}
--- a/pkgs/applications/networking/ids/zeek/default.nix
+++ b/pkgs/applications/networking/ids/zeek/default.nix
@ -0,0 +1,81 @@
+{ lib
+, stdenv
+, fetchurl
+, cmake
+, flex
+, bison
+, openssl
+, libpcap
+, zlib
+, file
+, curl
+, libmaxminddb
+, gperftools
+, python3
+, swig
+, gettext
+, coreutils
+, ncurses
+, caf
+}:
+
+stdenv.mkDerivation rec {
+  pname = "zeek";
+  version = "4.2.2";
+
+  src = fetchurl {
+    url = "https://download.zeek.org/zeek-${version}.tar.gz";
+    sha256 = "sha256-9Q3X24uAmnSnLUAklK+gC0Mu8eh81ZE2h/7uIVc8cAw=";
+  };
+
+  nativeBuildInputs = [
+    bison
+    cmake
+    file
+    flex
+  ];
+
+  buildInputs = [
+    curl
+    gperftools
+    libmaxminddb
+    libpcap
+    ncurses
+    openssl
+    python3
+    swig
+    zlib
+  ] ++ lib.optionals stdenv.isDarwin [
+    gettext
+  ];
+
+  outputs = [ "out" "lib" "py" ];
+
+  cmakeFlags = [
+    "-DCAF_ROOT=${caf}"
+    "-DZEEK_PYTHON_DIR=${placeholder "py"}/lib/${python3.libPrefix}/site-packages"
+    "-DENABLE_PERFTOOLS=true"
+    "-DINSTALL_AUX_TOOLS=true"
+  ];
+
+  postInstall = ''
+    for file in $out/share/zeek/base/frameworks/notice/actions/pp-alarms.zeek $out/share/zeek/base/frameworks/notice/main.zeek; do
+      substituteInPlace $file \
+         --replace "/bin/rm" "${coreutils}/bin/rm" \
+         --replace "/bin/cat" "${coreutils}/bin/cat"
+    done
+
+    for file in $out/share/zeek/policy/misc/trim-trace-file.zeek $out/share/zeek/base/frameworks/logging/postprocessors/scp.zeek $out/share/zeek/base/frameworks/logging/postprocessors/sftp.zeek; do
+      substituteInPlace $file --replace "/bin/rm" "${coreutils}/bin/rm"
+    done
+  '';
+
+  meta = with lib; {
+    description = "Network analysis framework much different from a typical IDS";
+    homepage = "https://www.zeek.org";
+    changelog = "https://github.com/zeek/zeek/blob/v${version}/CHANGES";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ pSub marsam tobim ];
+    platforms = platforms.unix;
+  };
+}