Bump buildroot to 2020.11-rc1 (#985)

* Update buildroot-patches for 2020.11-rc1 buildroot * Update buildroot to 2020.11-rc1 Signed-off-by: Stefan Agner <stefan@agner.ch> * Don't rely on sfdisk --list-free output The --list-free (-F) argument does not allow machine readable mode. And it seems that the output format changes over time (different spacing, using size postfixes instead of raw blocks). Use sfdisk json output and calculate free partition space ourselfs. This works for 2.35 and 2.36 and is more robust since we rely on output which is meant for scripts to parse. * Migrate defconfigs for Buildroot 2020.11-rc1 In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE). * Rebase/remove systemd patches for systemd 246 * Drop apparmor/libapparmor from buildroot-external * hassos-persists: use /run as directory for lockfiles The U-Boot tools use /var/lock by default which is not created any more by systemd by default (it is under tmpfiles legacy.conf, which we no longer install). * Disable systemd-update-done.service The service is not suited for pure read-only systems. In particular the service needs to be able to write a file in /etc and /var. Remove the service. Note: This is a static service and cannot be removed using systemd-preset. * Disable apparmor.service for now The service loads all default profiles. Some might actually cause problems. E.g. the profile for ping seems not to match our setup for /etc/resolv.conf: [85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2020-11-13 18:25:44 +01:00
parent 25a0dd3082
commit a0871be6c0
4024 changed files with 68095 additions and 47900 deletions
--- a/buildroot/package/suricata/0001-python-ensure-proper-shabang-on-python-scripts.patch
+++ b/buildroot/package/suricata/0001-python-ensure-proper-shabang-on-python-scripts.patch
@@ -18,6 +18,8 @@ executable.
  - provide proper commit log
 ]
 Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
+[Fabrice: update for 6.0.0]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 ---
 python/Makefile.am | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
@@ -27,16 +29,16 @@ index 59d195f29..a41604f72 100644
 --- a/python/Makefile.am
 +++ b/python/Makefile.am
@@ -6,11 +6,11 @@ EXTRA_DIST =	setup.py \
- if HAVE_PYTHON
+ if HAVE_PYTHON_DISTUTILS
 all-local:
 	cd $(srcdir) && \
-		$(HAVE_PYTHON) setup.py build --build-base $(abs_builddir)
-+		$(HAVE_PYTHON) setup.py build -e "/usr/bin/env python" --build-base $(abs_builddir)
+-		$(HAVE_PYTHON) setup.py build --build-base "$(abs_builddir)"
+		$(HAVE_PYTHON) setup.py build -e "/usr/bin/env python" --build-base "$(abs_builddir)"
 
 install-exec-local:
 	cd $(srcdir) && \
-		$(HAVE_PYTHON) setup.py build --build-base $(abs_builddir) \
-+		$(HAVE_PYTHON) setup.py build -e "/usr/bin/env python" --build-base $(abs_builddir) \
+-		$(HAVE_PYTHON) setup.py build --build-base "$(abs_builddir)" \
+		$(HAVE_PYTHON) setup.py build -e "/usr/bin/env python" --build-base "$(abs_builddir)" \
 		install --prefix $(DESTDIR)$(prefix)
 
 uninstall-local:
--- a/buildroot/package/suricata/0002-configure.ac-allow-the-user-to-override-RUST_TARGET.patch
+++ b/buildroot/package/suricata/0002-configure.ac-allow-the-user-to-override-RUST_TARGET.patch
@@ -0,0 +1,35 @@
+From 7ab4d5eb55e1d3900390b76e5f46e80e22d4e80e Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Sat, 10 Oct 2020 21:34:21 +0200
+Subject: [PATCH] configure.ac: allow the user to override RUST_TARGET
+
+When cross-compiling, RUST_TARGET is not always equal to host_triplet
+(e.g. buildroot) so allow the user to override this default value
+through RUST_TARGET environment variable
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ configure.ac | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 32c230209..7d7c9373f 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -2489,7 +2489,12 @@ fi
+     have_rust_vendor="no"
+ 
+     if test "x$cross_compiling" = "xyes"; then
+-      RUST_SURICATA_LIB_XC_DIR="${host_alias}/"
+      if test "x$RUST_TARGET" != "x"; then
+        RUST_SURICATA_LIB_XC_DIR="$RUST_TARGET/"
+        AC_SUBST([RUST_TARGET],["--target $RUST_TARGET"])
+      else
+        RUST_SURICATA_LIB_XC_DIR="${host_alias}/"
+      fi
+     else
+       if test "x$CARGO_BUILD_TARGET" = "x"; then
+         RUST_SURICATA_LIB_XC_DIR=
+-- 
+2.28.0
+
--- a/buildroot/package/suricata/0002-configure.ac-fix-cross-compilation-with-lua.patch
+++ b/buildroot/package/suricata/0002-configure.ac-fix-cross-compilation-with-lua.patch
@@ -1,33 +0,0 @@
-From 8db38c21b525327305778fcaa232b2a797ffcb82 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Thu, 7 May 2020 19:05:23 +0200
-Subject: [PATCH] configure.ac: fix cross-compilation with lua
-
-lua integer size is detected through AC_RUN_IFELSE since
-https://github.com/OISF/suricata/commit/2abcd5d27f29ca37ae31108cc0ea0143fa25d0a1
-
-This breaks cross-compilation and is needed only for rust so disable it
-if rust is not wanted
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: not submitted yet]
---
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index 127848234..f5f33d42d 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -2225,7 +2225,7 @@ return 0;
-     AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"])
- 
-     # If Lua is enabled, test the integer size.
-    if test "x$enable_lua" = "xyes"; then
-+    if test "x$enable_lua" = "xyes" && test "x$enable_rust" = "xyes"; then
-         TMPLIBS="$LIBS"
-         LIBS=""
- 
-- 
-2.26.2
-
--- a/buildroot/package/suricata/Config.in
+++ b/buildroot/package/suricata/Config.in
@@ -1,8 +1,11 @@
 config BR2_PACKAGE_SURICATA
 	bool "suricata"
+	depends on BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
 	depends on BR2_USE_MMU # fork()
 	depends on BR2_USE_WCHAR
 	depends on BR2_TOOLCHAIN_HAS_THREADS
+	select BR2_PACKAGE_HOST_RUSTC
+	select BR2_PACKAGE_JANSSON
 	select BR2_PACKAGE_LIBHTP
 	select BR2_PACKAGE_LIBPCAP
 	select BR2_PACKAGE_LIBYAML
@@ -18,5 +21,6 @@ config BR2_PACKAGE_SURICATA
 	  https://suricata-ids.org

 comment "suricata needs a toolchain w/ wchar, threads"
+	depends on BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS
 	depends on BR2_USE_MMU
 	depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
--- a/buildroot/package/suricata/suricata.hash
+++ b/buildroot/package/suricata/suricata.hash
@@ -1,5 +1,5 @@
 # Locally computed:
-sha256  3440cd1065b1b3999dc101a37c49321fab2791b38f16e2f7fe27369dd007eea7  suricata-4.1.9.tar.gz
+sha256  3c175a6dee9071141391f64828502cfb6e48dc1a20833e1411fb45be5368923b  suricata-6.0.0.tar.gz

 # Hash for license files:
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
--- a/buildroot/package/suricata/suricata.mk
+++ b/buildroot/package/suricata/suricata.mk
@@ -4,16 +4,18 @@
 #
 ################################################################################

-SURICATA_VERSION = 4.1.9
+SURICATA_VERSION = 6.0.0
 SURICATA_SITE = https://www.openinfosecfoundation.org/download
 SURICATA_LICENSE = GPL-2.0
 SURICATA_LICENSE_FILES = COPYING LICENSE
-# We're patching python/Makefile.am
+# 0001-python-ensure-proper-shabang-on-python-scripts.patch
+# 0002-configure.ac-allow-the-user-to-override-RUST_TARGET.patch
 SURICATA_AUTORECONF = YES

 SURICATA_DEPENDENCIES = \
 	host-pkgconf \
-	$(if $(BR2_PACKAGE_JANSSON),jansson) \
+	host-rustc \
+	jansson \
 	$(if $(BR2_PACKAGE_LIBCAP_NG),libcap-ng) \
 	$(if $(BR2_PACKAGE_LIBEVENT),libevent) \
 	libhtp \
@@ -24,12 +26,14 @@ SURICATA_DEPENDENCIES = \
 	pcre \
 	$(if $(BR2_PACKAGE_XZ),xz)

-SURICATA_CONF_ENV = ac_cv_path_HAVE_SPHINXBUILD=no
+SURICATA_CONF_ENV = \
+	ac_cv_path_HAVE_SPHINXBUILD=no \
+	CARGO_HOME=$(HOST_DIR)/share/cargo \
+	RUST_TARGET=$(RUSTC_TARGET_NAME)

 SURICATA_CONF_OPTS = \
 	--disable-gccprotect \
 	--disable-pie \
-	--disable-rust \
 	--disable-suricata-update \
 	--enable-non-bundled-htp

@@ -46,19 +50,9 @@ else
 SURICATA_CONF_OPTS += --disable-libmagic
 endif

-# --disable-libgeoip disables libgeoip when --enable-geoip is requested.
-# This allows libmaxminddb to be picked up instead of libgeoip when both are
-# installed on the system.
 ifeq ($(BR2_PACKAGE_LIBMAXMINDDB),y)
 SURICATA_DEPENDENCIES += libmaxminddb
-SURICATA_CONF_OPTS += \
-	--enable-geoip \
-	--disable-libgeoip
-else ifeq ($(BR2_PACKAGE_GEOIP),y)
-SURICATA_DEPENDENCIES += geoip
-SURICATA_CONF_OPTS += \
-	--enable-geoip \
-	--enable-libgeoip
+SURICATA_CONF_OPTS += --enable-geoip
 else
 SURICATA_CONF_OPTS += --disable-geoip
 endif