From f7701b7e1e6b09e953164e76d42b04f5fb86f93f Mon Sep 17 00:00:00 2001 From: Tobias Mayer Date: Sun, 15 Oct 2023 13:59:34 +0200 Subject: [PATCH 1/2] zeek: 5.2.0 -> 6.0.1 --- .../ids/zeek/avoid-broken-tests.patch | 16 ---- .../networking/ids/zeek/broker/default.nix | 24 +++--- .../debug-runtime-undef-fortify-source.patch | 26 ------ .../networking/ids/zeek/default.nix | 16 ++-- .../ids/zeek/fix-installation.patch | 85 +++++++++++++++---- 5 files changed, 83 insertions(+), 84 deletions(-) delete mode 100644 pkgs/applications/networking/ids/zeek/avoid-broken-tests.patch delete mode 100644 pkgs/applications/networking/ids/zeek/debug-runtime-undef-fortify-source.patch diff --git a/pkgs/applications/networking/ids/zeek/avoid-broken-tests.patch b/pkgs/applications/networking/ids/zeek/avoid-broken-tests.patch deleted file mode 100644 index 4784e6790fc3..000000000000 --- a/pkgs/applications/networking/ids/zeek/avoid-broken-tests.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt b/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt -index bafbabf1..0579f20a 100644 ---- a/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt -+++ b/auxil/spicy/spicy/hilti/toolchain/CMakeLists.txt -@@ -188,11 +188,3 @@ install_headers(include hilti) - install_headers(${PROJECT_BINARY_DIR}/include/hilti hilti) - install(CODE "file(REMOVE \"\$ENV\{DESTDIR\}${CMAKE_INSTALL_FULL_INCLUDEDIR}/hilti/hilti\")" - )# Get rid of symlink. -- --##### Tests -- --add_executable(hilti-toolchain-tests tests/main.cc tests/id-base.cc tests/visitor.cc tests/util.cc) --hilti_link_executable_in_tree(hilti-toolchain-tests PRIVATE) --target_link_libraries(hilti-toolchain-tests PRIVATE doctest) --target_compile_options(hilti-toolchain-tests PRIVATE "-Wall") --add_test(NAME hilti-toolchain-tests COMMAND ${PROJECT_BINARY_DIR}/bin/hilti-toolchain-tests) diff --git a/pkgs/applications/networking/ids/zeek/broker/default.nix b/pkgs/applications/networking/ids/zeek/broker/default.nix index 082607e4d023..977dc18b9c7e 100644 --- a/pkgs/applications/networking/ids/zeek/broker/default.nix +++ b/pkgs/applications/networking/ids/zeek/broker/default.nix @@ -14,8 +14,8 @@ let src-cmake = fetchFromGitHub { owner = "zeek"; repo = "cmake"; - rev = "9f05362a5c33ed11dab37d2dedf74206d59d8f6d"; - hash = "sha256-UfPPbwLJcI6+8EYLKRcBhxashEkCTJ2Gj1JOtFayot8="; + rev = "b191c36167bc0d6bd9f059b01ad4c99be98488d9"; + hash = "sha256-h6xPCcdTnREeDsGQhWt2w4yJofpr7g4a8xCOB2e0/qQ="; }; src-3rdparty = fetchFromGitHub { owner = "zeek"; @@ -28,17 +28,13 @@ let src = fetchFromGitHub { owner = "zeek"; repo = "actor-framework"; - rev = "dbb68b4573736d7aeb69268cc73aa766c998b3dd"; - hash = "sha256-RV2mKF3B47h/hDgK/D1UJN/ll2G5rcPkHaLVY1/C/Pg="; + rev = "4f580d89f35ae4d475505101623c8b022c0c6aa6"; + hash = "sha256-8KGXg072lZiq/rC5ZuThDGRjeYvVVFBd3ea8yhUHOYY="; }; - checkPhase = '' - runHook preCheck - libcaf_core/caf-core-test - libcaf_io/caf-io-test - libcaf_openssl/caf-openssl-test - libcaf_net/caf-net-test --not-suites='net.*' - runHook postCheck - ''; + cmakeFlags = old.cmakeFlags ++ [ + "-DCAF_ENABLE_TESTING=OFF" + ]; + doCheck = false; }); in stdenv.mkDerivation { @@ -51,8 +47,8 @@ stdenv.mkDerivation { src = fetchFromGitHub { owner = "zeek"; repo = "broker"; - rev = "bc0205ce1fc06ddb91abb6744cb79c7eb846c23e"; - hash = "sha256-bmyitJg3kRyIXm09IupLwZXbiGZfikkHcRcIexkS4/g="; + rev = "3df8d35732d51e3bd41db067260998e79e93f366"; + hash = "sha256-37JIgbG12zd13YhfgVb4egzi80fUcZVj/s+yvsjcP7E="; }; postUnpack = '' rmdir $sourceRoot/cmake $sourceRoot/3rdparty diff --git a/pkgs/applications/networking/ids/zeek/debug-runtime-undef-fortify-source.patch b/pkgs/applications/networking/ids/zeek/debug-runtime-undef-fortify-source.patch deleted file mode 100644 index 18aef601325d..000000000000 --- a/pkgs/applications/networking/ids/zeek/debug-runtime-undef-fortify-source.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt b/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt -index f154901c..76563717 100644 ---- a/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt -+++ b/auxil/spicy/spicy/hilti/runtime/CMakeLists.txt -@@ -69,7 +69,7 @@ target_compile_definitions(hilti-rt-objects PRIVATE "HILTI_RT_BUILD_TYPE_RELEASE - # Build hilti-rt-debug with debug flags. - string(REPLACE " " ";" cxx_flags_debug ${CMAKE_CXX_FLAGS_DEBUG}) - target_compile_options(hilti-rt-debug-objects PRIVATE ${cxx_flags_debug}) --target_compile_options(hilti-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall") -+target_compile_options(hilti-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall;-U_FORTIFY_SOURCE") - target_compile_definitions(hilti-rt-debug-objects PRIVATE "HILTI_RT_BUILD_TYPE_DEBUG") - - add_library(hilti-rt-tests-library-dummy1 SHARED src/tests/library-dummy.cc) -diff --git a/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt b/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt -index 20e7d291..9712341f 100644 ---- a/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt -+++ b/auxil/spicy/spicy/spicy/runtime/CMakeLists.txt -@@ -48,7 +48,7 @@ target_link_libraries(spicy-rt-objects PUBLIC hilti-rt-objects) - # Build spicy-rt-debug with debug flags. - string(REPLACE " " ";" cxx_flags_debug ${CMAKE_CXX_FLAGS_DEBUG}) - target_compile_options(spicy-rt-debug-objects PRIVATE ${cxx_flags_debug}) --target_compile_options(spicy-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall") -+target_compile_options(spicy-rt-debug-objects PRIVATE "-UNDEBUG;-O0;-Wall;-U_FORTIFY_SOURCE") - target_compile_definitions(spicy-rt-debug-objects PRIVATE "HILTI_RT_BUILD_TYPE_DEBUG") - target_link_libraries(spicy-rt-debug-objects PUBLIC hilti-rt-debug-objects) - diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix index eb8799e76636..5b9ca68df1f7 100644 --- a/pkgs/applications/networking/ids/zeek/default.nix +++ b/pkgs/applications/networking/ids/zeek/default.nix @@ -5,7 +5,6 @@ , cmake , flex , bison -, spicy-parser-generator , openssl , libkqueue , libpcap @@ -26,18 +25,16 @@ let in stdenv.mkDerivation rec { pname = "zeek"; - version = "5.2.2"; + version = "6.0.1"; src = fetchurl { url = "https://download.zeek.org/zeek-${version}.tar.gz"; - sha256 = "sha256-4MJBV8yWpy5LvkyyipOZdDjU6FV7F8INc/zWddRGFcY="; + sha256 = "sha256-z8MpoXBDkZXXBw7FOH2Vzdp+trhqyF7HB7ntDp1Xaik="; }; strictDeps = true; patches = [ - ./avoid-broken-tests.patch - ./debug-runtime-undef-fortify-source.patch ./fix-installation.patch ]; @@ -51,7 +48,6 @@ stdenv.mkDerivation rec { buildInputs = [ broker - spicy-parser-generator curl gperftools libmaxminddb @@ -67,21 +63,19 @@ stdenv.mkDerivation rec { ]; postPatch = '' - patchShebangs ./auxil/spicy/spicy/scripts - - substituteInPlace auxil/spicy/CMakeLists.txt --replace "hilti-toolchain-tests" "" - substituteInPlace auxil/spicy/spicy/hilti/CMakeLists.txt --replace "hilti-toolchain-tests" "" + patchShebangs ./ci/collect-repo-info.py + patchShebangs ./auxil/spicy/scripts ''; cmakeFlags = [ "-DBroker_ROOT=${broker}" - "-DSPICY_ROOT_DIR=${spicy-parser-generator}" "-DENABLE_PERFTOOLS=true" "-DINSTALL_AUX_TOOLS=true" "-DZEEK_ETC_INSTALL_DIR=/etc/zeek" "-DZEEK_LOG_DIR=/var/log/zeek" "-DZEEK_STATE_DIR=/var/lib/zeek" "-DZEEK_SPOOL_DIR=/var/spool/zeek" + "-DDISABLE_JAVASCRIPT=ON" ] ++ lib.optionals stdenv.isLinux [ "-DLIBKQUEUE_ROOT_DIR=${libkqueue}" ]; diff --git a/pkgs/applications/networking/ids/zeek/fix-installation.patch b/pkgs/applications/networking/ids/zeek/fix-installation.patch index 6360a1173051..63c213e3a69e 100644 --- a/pkgs/applications/networking/ids/zeek/fix-installation.patch +++ b/pkgs/applications/networking/ids/zeek/fix-installation.patch @@ -1,18 +1,9 @@ -From f8c42a712db42cfd00fca75be2ce63c3aad2aad1 Mon Sep 17 00:00:00 2001 -From: Tobias Mayer -Date: Sun, 13 Nov 2022 21:48:36 +0100 -Subject: [PATCH] Fix installation - ---- - CMakeLists.txt | 5 ----- - 1 file changed, 5 deletions(-) - diff --git a/CMakeLists.txt b/CMakeLists.txt -index 846b65efd..d8b0be169 100644 +index 4d3da0c90..d37931c1b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -81,11 +81,6 @@ if ( NOT ZEEK_LOG_DIR ) - set(ZEEK_LOG_DIR ${ZEEK_ROOT_DIR}/logs) +@@ -503,11 +503,6 @@ if (NOT MSVC) + set(HAVE_SUPERVISOR true) endif () -install(DIRECTORY DESTINATION ${ZEEK_ETC_INSTALL_DIR}) @@ -21,8 +12,68 @@ index 846b65efd..d8b0be169 100644 -install(DIRECTORY DESTINATION ${ZEEK_LOG_DIR}) - configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev) - execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink - "${CMAKE_CURRENT_BINARY_DIR}/zeek-wrapper.in" --- -2.37.3 - + + file( +@@ -1198,7 +1193,7 @@ if (INSTALL_ZKG) + @ONLY) + + install(DIRECTORY DESTINATION var/lib/zkg) +- install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config DESTINATION ${ZEEK_ZKG_CONFIG_DIR} ++ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config DESTINATION ${CMAKE_INSTALL_PREFIX}/etc/zeek/zkg + RENAME config) + endif () + +Submodule auxil/zeekctl contains modified content +diff --git a/auxil/zeekctl/CMakeLists.txt b/auxil/zeekctl/CMakeLists.txt +index 1ebe7c2..1435509 100644 +--- a/auxil/zeekctl/CMakeLists.txt ++++ b/auxil/zeekctl/CMakeLists.txt +@@ -9,7 +9,7 @@ file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/VERSION" VERSION LIMIT_COUNT 1) + set(PREFIX "${CMAKE_INSTALL_PREFIX}") + set(LIBDIR "${CMAKE_INSTALL_FULL_LIBDIR}") + set(ZEEKSCRIPTDIR "${ZEEK_SCRIPT_INSTALL_PATH}") +-set(ETC "${ZEEK_ETC_INSTALL_DIR}") ++set(ETC "${CMAKE_INSTALL_SYSCONFDIR}") + + ######################################################################## + ## Dependency Configuration +@@ -200,38 +200,9 @@ else () + set(LOGS ${VAR}/logs) + endif () + +-if ( BINARY_PACKAGING_MODE AND NOT APPLE ) +- # Packaging for Apple-based systems does not need special logic +- # because many probably find it more convenient for uninstalling +- # when everything resides under a common prefix (since there's no +- # native package management system) +- set(perms OWNER_READ OWNER_WRITE OWNER_EXECUTE +- GROUP_READ GROUP_WRITE GROUP_EXECUTE +- WORLD_READ WORLD_WRITE WORLD_EXECUTE) +- +- install(DIRECTORY DESTINATION ${SPOOL} +- DIRECTORY_PERMISSIONS ${perms}) +- install(DIRECTORY DESTINATION ${SPOOL}/tmp +- DIRECTORY_PERMISSIONS ${perms}) +- install(DIRECTORY DESTINATION ${SPOOL}/brokerstore +- DIRECTORY_PERMISSIONS ${perms}) +- install(DIRECTORY DESTINATION ${LOGS} +- DIRECTORY_PERMISSIONS ${perms}) +- set(EMPTY_WORLD_DIRS +- "${EMPTY_WORLD_DIRS} ${SPOOL} ${SPOOL}/tmp ${LOGS}" +- CACHE STRING "" FORCE) +-else () +- install(DIRECTORY DESTINATION ${SPOOL}) +- install(DIRECTORY DESTINATION ${SPOOL}/tmp) +- install(DIRECTORY DESTINATION ${SPOOL}/brokerstore) +- install(DIRECTORY DESTINATION ${LOGS}) +-endif () +- + file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeekctl-config.sh + "# Automatically generated. Do not edit.\n") +-install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeekctl-config.sh DESTINATION ${SPOOL}) +-InstallSymlink(${SPOOL}/zeekctl-config.sh +- ${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh) ++install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zeekctl-config.sh DESTINATION ${PREFIX}/share/zeekctl/scripts) + + # A couple of configuration options that are needed are placed in here. + configure_file(etc/zeekctl.cfg.in From 09ebd106071fa0de56b722a4ec65c4bde58149dc Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Sun, 15 Oct 2023 14:41:00 +0200 Subject: [PATCH 2/2] zeek: fix build on darwin --- pkgs/applications/networking/ids/zeek/broker/default.nix | 2 ++ pkgs/applications/networking/ids/zeek/default.nix | 3 +++ pkgs/top-level/all-packages.nix | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/applications/networking/ids/zeek/broker/default.nix b/pkgs/applications/networking/ids/zeek/broker/default.nix index 977dc18b9c7e..cfb8cc685a10 100644 --- a/pkgs/applications/networking/ids/zeek/broker/default.nix +++ b/pkgs/applications/networking/ids/zeek/broker/default.nix @@ -74,6 +74,8 @@ stdenv.mkDerivation { "-DPY_MOD_INSTALL_DIR=${placeholder "py"}/${python3.sitePackages}/" ]; + env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin "-faligned-allocation"; + meta = with lib; { description = "Zeek's Messaging Library"; homepage = "https://github.com/zeek/broker"; diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix index 5b9ca68df1f7..8ab64a6e57dd 100644 --- a/pkgs/applications/networking/ids/zeek/default.nix +++ b/pkgs/applications/networking/ids/zeek/default.nix @@ -60,6 +60,7 @@ stdenv.mkDerivation rec { libkqueue ] ++ lib.optionals stdenv.isDarwin [ gettext + python3 ]; postPatch = '' @@ -80,6 +81,8 @@ stdenv.mkDerivation rec { "-DLIBKQUEUE_ROOT_DIR=${libkqueue}" ]; + env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.isDarwin "-faligned-allocation"; + postInstall = '' for file in $out/share/zeek/base/frameworks/notice/actions/pp-alarms.zeek $out/share/zeek/base/frameworks/notice/main.zeek; do substituteInPlace $file \ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8f3087038877..f10d5a6a08f8 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7882,7 +7882,7 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; - zeek = callPackage ../applications/networking/ids/zeek { }; + zeek = darwin.apple_sdk_11_0.callPackage ../applications/networking/ids/zeek { }; zeekscript = callPackage ../tools/security/zeekscript { };