<div dir="ltr">Hi Timo<div><br></div><div>Thanks a lot for your detailed explanation . It is very useful. </div><div><br></div><div>A stable Debian package repository for suricata will be very helpful.</div><div><br></div><div>Thanks</div><div><br></div><div>Kashif </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 28, 2020 at 3:22 PM Timo Sigurdsson <<a href="mailto:public_timo.s@silentcreek.de">public_timo.s@silentcreek.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Mohammad,<br>
<br>
<a href="mailto:kashif.alig@gmail.com" target="_blank">kashif.alig@gmail.com</a> schrieb am 28.04.2020 08:58 (GMT +02:00):<br>
> Hi<br>
> <br>
> I can compile and make Suricata 4.1.7/5.0.2 on Debian Buster and it works.<br>
> But now I want to move into production so looking for Debian stable package<br>
> so it can be installed on multiple sensors easily.<br>
> Suricata 5.0.2 is available in Debian testing repository but I don't want<br>
> to run Debian testing on production system.<br>
> I could not find Suricata 4.1.7/5.0.2 in Debian Backports either. The<br>
> version available with Buster stable repo is quite old 4.1.2.<br>
> So I assume that I am left with the option of building package myself. I<br>
> tried little bit with building 5.0.2 on buster but it didn't work.<br>
> Before I spent more time troubleshooting package building, I want to ask<br>
> people in this group whether any one successfully build Suricata package<br>
> either version 4.1.7 or 5.0.2 for Buster.<br>
> Is there any other way to find latest package for Debian Buster?<br>
> <br>
> Any help would be really appreciated.<br>
> <br>
> Thanks<br>
> <br>
> Kashif<br>
<br>
I have recently built a backport of suricata 5.0.2-3 (the current version in testing) for Debian Buster myself.<br>
<br>
For the time being, feel free to use my backported packages which I uploaded here for you [1] or follow the steps I used to build the packages (see below). Disclaimer: Unlike Sascha, I'm not a Debian developer, so take everything with a grain of salt... Anyway, other than adding a changelog entry indicating the backport, I have not changed the sources/packages in any way. The link expires in 3 months. By that time I guess the version will be outdated anyway ;) You will at least need the packages suricata_5.0.2-3~bpo10+1_amd64.deb and libhtp2_0.5.32-1~bpo10+1_amd64.deb, but I uploaded all the binary packages and build info just in case.<br>
<br>
The way I built the package is this:<br>
I have a Docker container with a minimal Debian Buster build environment, but any Debian Buster installation should do fine, I guess. I added the testing repositories in the apt configuration and pinned them to a lower priority so I can install packages from testing if I want to but not by default. Then the steps are simple:<br>
<br>
- Build libhtp2:<br>
apt-get build-dep libhtp2/testing<br>
apt-get source libhtp2/testing<br>
# Change into extracted source folder and update changelog<br>
dch --local ~bpo10+ "Backport from Debian Testing to Debian Stable"<br>
dpkg-buildpackage -b --no-sign<br>
# Find the generated packages in the parent directory<br>
<br>
- Install the generated libhtp-dev_0.5.32-1~bpo10+1_amd64.deb<br>
<br>
- Build suricata:<br>
apt-get build-dep suricata/testing<br>
apt-get source suricata/testing<br>
# Change into extracted source folder and update changelog<br>
dch --local ~bpo10+ "Backport from Debian Testing to Debian Stable"<br>
dpkg-buildpackage -b --no-sign<br>
# Find the generated packages in the parent directory<br>
<br>
- Build suricata-update (optional) the same way as suricata by replacing "suricata" with "suricata-update" in the steps above.<br>
<br>
<br>
Now about the stable packages for Debian in general:<br>
There is an old feature request in the OISF bug tracker for a stable Debian package repository [2]. I have just recently seconded that request. Victor previously suggested in this ticket to use the Debian backports repository, but I don't think Debian backports are a sustainable solution if users wish to track stable releases (in packaged form). Once testing is frozen for the next release, the backports repository will also be (mostly) stalled again. I would favor a stable package archive for Debian just in the same way OISF provides one for Ubuntu.<br>
<br>
Best regards,<br>
<br>
Timo<br>
<br>
[1] <a href="https://cloud.timo-sigurdsson.com/index.php/s/7SWmpcn3HATKJD8" rel="noreferrer" target="_blank">https://cloud.timo-sigurdsson.com/index.php/s/7SWmpcn3HATKJD8</a><br>
[2] <a href="https://redmine.openinfosecfoundation.org/issues/1216" rel="noreferrer" target="_blank">https://redmine.openinfosecfoundation.org/issues/1216</a><br>
</blockquote></div>