[Oisf-users] Latest stable/oldstable on Debian Buster

mohammad kashif kashif.alig at gmail.com
Wed Apr 29 08:51:39 UTC 2020

Hi Timo

Thanks a lot for your detailed explanation. It is very useful.

A stable Debian package repository for suricata will be very helpful.



On Tue, Apr 28, 2020 at 3:22 PM Timo Sigurdsson <
public_timo.s at silentcreek.de> wrote:

> Hi Mohammad,
>
> kashif.alig at gmail.com wrote on 28.04.2020 08:58 (GMT +02:00):
> > Hi
> >
> > I can compile and make Suricata 4.1.7/5.0.2 on Debian Buster and it works.
> > But now I want to move into production, so I am looking for a Debian stable
> > package so it can be installed on multiple sensors easily.
> > Suricata 5.0.2 is available in the Debian testing repository but I don't want
> > to run Debian testing on a production system.
> > I could not find Suricata 4.1.7/5.0.2 in Debian Backports either. The
> > version available in the Buster stable repo is quite old, 4.1.2.
> > So I assume that I am left with the option of building the package myself. I
> > tried a little bit with building 5.0.2 on Buster but it didn't work.
> > Before I spend more time troubleshooting package building, I want to ask
> > people in this group whether anyone has successfully built a Suricata package,
> > either version 4.1.7 or 5.0.2, for Buster.
> > Is there any other way to find the latest package for Debian Buster?
> >
> > Any help would be really appreciated.
> >
> > Thanks
> >
> > Kashif
>
> I have recently built a backport of suricata 5.0.2-3 (the current version
> in testing) for Debian Buster myself.
> For the time being, feel free to use my backported packages which I
> uploaded here for you [1] or follow the steps I used to build the packages
> (see below). Disclaimer: Unlike Sascha, I'm not a Debian developer, so take
> everything with a grain of salt... Anyway, other than adding a changelog
> entry indicating the backport, I have not changed the sources/packages in
> any way. The link expires in 3 months. By that time I guess the version
> will be outdated anyway ;) You will at least need the packages
> suricata_5.0.2-3~bpo10+1_amd64.deb and libhtp2_0.5.32-1~bpo10+1_amd64.deb,
> but I uploaded all the binary packages and build info just in case.
> The way I built the package is this:
> I have a Docker container with a minimal Debian Buster build environment,
> but any Debian Buster installation should do fine, I guess. I added the
> testing repositories in the apt configuration and pinned them to a lower
> priority so I can install packages from testing if I want to but not by
> default. Then the steps are simple:
> - Build libhtp2:
>   apt-get build-dep libhtp2/testing
>   apt-get source libhtp2/testing
>   # Change into extracted source folder and update changelog
>   dch --local ~bpo10+ "Backport from Debian Testing to Debian Stable"
>   dpkg-buildpackage -b --no-sign
>   # Find the generated packages in the parent directory
> - Install the generated libhtp-dev_0.5.32-1~bpo10+1_amd64.deb
> - Build suricata:
>   apt-get build-dep suricata/testing
>   apt-get source suricata/testing
>   # Change into extracted source folder and update changelog
>   dch --local ~bpo10+ "Backport from Debian Testing to Debian Stable"
>   dpkg-buildpackage -b --no-sign
>   # Find the generated packages in the parent directory
> - Build suricata-update (optional) the same way as suricata by replacing
> "suricata" with "suricata-update" in the steps above.
> Now about the stable packages for Debian in general:
> There is an old feature request in the OISF bug tracker for a stable
> Debian package repository [2]. I have just recently seconded that request.
> Victor previously suggested in this ticket to use the Debian backports
> repository, but I don't think Debian backports are a sustainable solution
> if users wish to track stable releases (in packaged form). Once testing is
> frozen for the next release, the backports repository will also be (mostly)
> stalled again. I would favor a stable package archive for Debian just in
> the same way OISF provides one for Ubuntu.
> Best regards,
> Timo
> [1] https://cloud.timo-sigurdsson.com/index.php/s/7SWmpcn3HATKJD8
> [2] https://redmine.openinfosecfoundation.org/issues/1216
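
The apt setup Timo describes (testing repositories added, pinned to a lower priority) is not shown in the thread, so here is one way to write it, as an added example that is not part of the original messages. The mirror URL, the file names, the priority value 100 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: make Debian testing available to apt on a Buster build host
# without letting it win over stable by default.
set -eu

# Assumptions (not from the thread): mirror URL, file names, priority value.
MIRROR="http://deb.debian.org/debian"
PIN_PRIORITY=100   # below 500, apt's default priority for a configured repo

# write_testing_pin APT_DIR
# Writes the source list and the pin file under APT_DIR (normally /etc/apt).
write_testing_pin() {
    apt_dir=$1
    mkdir -p "$apt_dir/sources.list.d" "$apt_dir/preferences.d"

    # deb-src is needed so "apt-get source <pkg>/testing" and
    # "apt-get build-dep <pkg>/testing" can find the source package.
    cat > "$apt_dir/sources.list.d/testing.list" <<EOF
deb $MIRROR testing main
deb-src $MIRROR testing main
EOF

    # Pin everything from testing low: it is used only when asked for
    # explicitly (pkg/testing or -t testing), never on a plain upgrade.
    cat > "$apt_dir/preferences.d/testing.pref" <<EOF
Package: *
Pin: release a=testing
Pin-Priority: $PIN_PRIORITY
EOF
}

# pin_priority_of PREF_FILE: print the Pin-Priority value in a pin file.
pin_priority_of() {
    sed -n 's/^Pin-Priority:[[:space:]]*//p' "$1"
}

# Apply only when a target directory is given, e.g.: sh pin-testing.sh /etc/apt
if [ "$#" -ge 1 ]; then
    write_testing_pin "$1"
    echo "testing pinned at $(pin_priority_of "$1/preferences.d/testing.pref")"
    echo "next: apt-get update && apt-cache policy suricata"
fi
```

After `apt-get update`, `apt-cache policy suricata` should list the testing version at priority 100 and still show the Buster version as the install candidate.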