[Oisf-users] Latest stable/oldstable on Debian Buster

Timo Sigurdsson public_timo.s at silentcreek.de
Tue Apr 28 14:22:57 UTC 2020


Hi Mohammad,

kashif.alig at gmail.com wrote on 28.04.2020 08:58 (GMT +02:00):
> Hi
> 
> I can compile and make Suricata 4.1.7/5.0.2 on Debian Buster and it works.
> But now I want to move into production, so I am looking for a Debian stable
> package so it can be installed on multiple sensors easily.
> Suricata 5.0.2 is available in the Debian testing repository but I don't want
> to run Debian testing on a production system.
> I could not find Suricata 4.1.7/5.0.2 in Debian Backports either. The
> version available with the Buster stable repo is quite old, 4.1.2.
> So I assume that I am left with the option of building the package myself. I
> tried a little bit with building 5.0.2 on Buster but it didn't work.
> Before I spend more time troubleshooting package building, I want to ask
> people in this group whether anyone has successfully built a Suricata package,
> either version 4.1.7 or 5.0.2, for Buster.
> Is there any other way to find the latest package for Debian Buster?
> 
> Any help would be really appreciated.
> 
> Thanks
> 
> Kashif

I have recently built a backport of suricata 5.0.2-3 (the current version in testing) for Debian Buster myself.

For the time being, feel free to use my backported packages which I uploaded here for you [1] or follow the steps I used to build the packages (see below). Disclaimer: Unlike Sascha, I'm not a Debian developer, so take everything with a grain of salt... Anyway, other than adding a changelog entry indicating the backport, I have not changed the sources/packages in any way. The link expires in 3 months. By that time I guess the version will be outdated anyway ;) You will at least need the packages suricata_5.0.2-3~bpo10+1_amd64.deb and libhtp2_0.5.32-1~bpo10+1_amd64.deb, but I uploaded all the binary packages and build info just in case.

The way I built the package is this:
I have a Docker container with a minimal Debian Buster build environment, but any Debian Buster installation should do fine, I guess. I added the testing repositories in the apt configuration and pinned them to a lower priority so I can install packages from testing if I want to but not by default. Then the steps are simple:

- Build libhtp2:
  apt-get build-dep libhtp2/testing
  apt-get source libhtp2/testing
  # Change into extracted source folder and update changelog
  dch --local ~bpo10+ "Backport from Debian Testing to Debian Stable"
  dpkg-buildpackage -b --no-sign
  # Find the generated packages in the parent directory

- Install the generated libhtp-dev_0.5.32-1~bpo10+1_amd64.deb

- Build suricata:
  apt-get build-dep suricata/testing
  apt-get source suricata/testing
  # Change into extracted source folder and update changelog
  dch --local ~bpo10+ "Backport from Debian Testing to Debian Stable"
  dpkg-buildpackage -b --no-sign
  # Find the generated packages in the parent directory

- Build suricata-update (optional) the same way as suricata by replacing "suricata" with "suricata-update" in the steps above.


Now about the stable packages for Debian in general:
There is an old feature request in the OISF bug tracker for a stable Debian package repository [2]. I have just recently seconded that request. Victor previously suggested in this ticket to use the Debian backports repository, but I don't think Debian backports are a sustainable solution if users wish to track stable releases (in packaged form). Once testing is frozen for the next release, the backports repository will also be (mostly) stalled again. I would favor a stable package archive for Debian just in the same way OISF provides one for Ubuntu.

Best regards,

Timo

[1] https://cloud.timo-sigurdsson.com/index.php/s/7SWmpcn3HATKJD8
[2] https://redmine.openinfosecfoundation.org/issues/1216
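
The apt setup described in the message above (testing repositories added, pinned below the default priority), written out as an added example; it is not part of Timo's message. The mirror URL, the file names under /etc/apt and the priority value 100 are assumptions. The function refuses priorities of 500 or more, because at that level apt treats testing packages as normal upgrade candidates.

```shell
#!/bin/sh
# Added example: apt configuration for a Buster build host with testing pinned low.
# Assumptions (not from the message): mirror URL, file names, priority 100.

MIRROR="http://deb.debian.org/debian"

# write_testing_pin ROOT [PRIORITY]
# Writes ROOT/etc/apt/sources.list.d/testing.list and
# ROOT/etc/apt/preferences.d/testing.pref. Use ROOT="" on a real system.
write_testing_pin() {
    root=$1
    prio=${2:-100}
    # Reject anything that is not a plain non-negative integer.
    case $prio in
        ''|*[!0-9]*) echo "priority must be an integer" >&2; return 2 ;;
    esac
    # Stable sources get priority 500 by default. At 500 or above testing
    # ties or wins, and apt then picks the newest version, i.e. testing.
    if [ "$prio" -lt 1 ] || [ "$prio" -ge 500 ]; then
        echo "priority $prio is outside 1..499" >&2
        return 1
    fi
    mkdir -p "$root/etc/apt/sources.list.d" "$root/etc/apt/preferences.d" || return 3
    # deb-src is needed for 'apt-get source' and 'apt-get build-dep'.
    cat > "$root/etc/apt/sources.list.d/testing.list" <<EOF
deb $MIRROR testing main
deb-src $MIRROR testing main
EOF
    cat > "$root/etc/apt/preferences.d/testing.pref" <<EOF
Package: *
Pin: release a=testing
Pin-Priority: $prio
EOF
}

# pinned_priority FILE: print the Pin-Priority stored in a preferences file.
pinned_priority() {
    sed -n 's/^Pin-Priority:[[:space:]]*//p' "$1"
}
```

After `apt-get update`, `apt-cache policy suricata` shows which version is the install candidate; with the pin in place it should remain the Buster version unless `/testing` is requested explicitly.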

