Add packages for suricata #33886
Add packages for suricata #33886
Conversation
Also add suricata-full with Redis and Rust support.
|
Are you willing to maintain these packages? If so you should add yourself as a maintainer in the |
| meta = with stdenv.lib; { | ||
| homepage = https://01.org/hyperscan; | ||
| description = "A high-performance multiple regex matching library"; | ||
| license = [ licenses.bsd3 licenses.bsd2 licenses.boost ]; |
There was a problem hiding this comment.
This could be simplified as license = with licenses; [ bsd3 bsd2 boost ];
There was a problem hiding this comment.
with licenses; [ ... boost ] does not evaluate, FYI, because boost is also included in the function arguments.
There was a problem hiding this comment.
with clause will take precedence and shadow function arguments in that case.
There was a problem hiding this comment.
Try it for yourself.
https://gist.github.com/dhess/ec32c05364c73a69b91813d0d4e7e71d
$ nix-build pkgs/top-level/release.nix -A hyperscan
trace: WARNING: `addPassthru` is deprecated, replace with `extendDerivation true`
trace: lib.zip is deprecated, use lib.zipAttrsWith instead
trace: `mkStrict' is obsolete; use `mkOverride 0' instead.
trace: `types.list` is deprecated; use `types.listOf` instead
trace: types.optionSet is deprecated; use types.submodule instead
error: Package ‘python2.7-dosage-2016.03.17’ in /home/dhess/git/nixpkgs/pkgs/top-level/python-packages.nix:1555 is marked as broken, refusing to evaluate.
a) For `nixos-rebuild` you can set
{ nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
{ allowBroken = true; }
to ~/.config/nixpkgs/config.nix.
(use ‘--show-trace’ to show detailed location information)
There was a problem hiding this comment.
You are right; interesting.
This prints 2:
let
a = { foo = 1; };
b = { foo = 2; };
in
with a;
with b;
builtins.trace foo foo
And this prints 1:
{ foo ? 1 }:
let
b = { foo = 2; };
in
with b;
builtins.trace foo foo
I'm not sure if that's intended; that doesn't seem to follow proper scoping rules. If there is no ticket against NixOS/nix on this, perhaps one should be opened.
| meta = with stdenv.lib; { | ||
| homepage = https://github.com/sam-github/libnet; | ||
| description = "Portable framework for low-level network packet construction"; | ||
| license = [ licenses.bsd2 licenses.bsd3 ]; |
There was a problem hiding this comment.
Same here. Can be simplified.
| , swig | ||
| }: | ||
|
|
||
| let |
| gnutls | ||
| ]; | ||
|
|
||
| propagatedBuildInputs = [ |
There was a problem hiding this comment.
Should all of these really be propagated?
I think these should probably be separate packages in their respective languages (eg python module in pkgs/development/python-modules).
| # - CUDA support (note: requires driver API, not the runtime API, so cudatoolkit doesn't work) | ||
|
|
||
| { stdenv | ||
| , lib |
There was a problem hiding this comment.
Better use stdenv.lib instead of lib.
| , pcre | ||
| , python | ||
| , zlib | ||
| , redisSupport ? false, redis, hiredis |
There was a problem hiding this comment.
If Redis support is optional, it would make sense to mark redis and hiredis attributes optional as well:
, redisSupport ? false, redis ? null, hiredis ? null
Same with rustSupport.
| name = "suricata-${version}"; | ||
|
|
||
| src = fetchurl { | ||
| name = "${name}.tar.gz"; |
There was a problem hiding this comment.
This seemingly can be omitted.
|
|
||
| postInstall = '' | ||
| wrapProgram "$out/bin/suricatasc" \ | ||
| --prefix PYTHONPATH : $PYTHONPATH:$(toPythonPath "$out") |
There was a problem hiding this comment.
I think it should be --prefix PYTHONPATH : $(toPythonPath $out), seemingly $PYTHONPATH is not set. Also, consider using wrapPython.
|
|
||
| let | ||
|
|
||
| in |
| boost | ||
| cmake | ||
| pkgconfig | ||
| python |
There was a problem hiding this comment.
Are boost, python and ragel build-time only dependencies in this case? Perhaps they are, I just wanted to make sure.
| meta = with stdenv.lib; { | ||
| homepage = https://01.org/hyperscan; | ||
| description = "A high-performance multiple regex matching library"; | ||
| license = [ licenses.bsd3 licenses.bsd2 licenses.boost ]; |
There was a problem hiding this comment.
From https://01.org/hyperscan it seems that hyperscan is only under BSD 3-Clause, and not under BSD 2-Clause or Boost licenses.
There was a problem hiding this comment.
There was a problem hiding this comment.
It's common for big companies to list all dependencies' licenses in the license file. The package itself is still under BSD 3-Clause.
There was a problem hiding this comment.
|
|
||
| let | ||
|
|
||
| in |
| gnutls | ||
| ]; | ||
|
|
||
| propagatedBuildInputs = [ |
There was a problem hiding this comment.
Why are interpreters propagated?
| meta = with stdenv.lib; { | ||
| homepage = https://www.prelude-siem.org/projects/libprelude; | ||
| description = "IDMEF transport library used by all Prelude agents"; | ||
| license = licenses.gpl2; |
There was a problem hiding this comment.
Seemingly, it is under licenses.gpl2Plus: https://github.com/Prelude-SIEM/libprelude/blob/855888af18f38433322e24589bc254bc2ea9ec85/src/common.c#L10
|
OK, thanks for all the feedback. I don't have time to fix the major issues. Maybe another time. |
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)