[Snort-devel] New Snort rpmbuild capability]

JP Vossen vossenjp at ...628...
Wed Jan 7 16:45:01 EST 2004

> From: "Sheppard Martin Contr AFRL/IFGB" <Martin.Sheppard at ...2281...>
> To: "'snort-devel at lists.sourceforge.net'" <snort-devel at lists.sourceforge.net>
> Subject: [Snort-devel] New Snort rpmbuild capability
> Return-Path: <snort-devel-admin at lists.sourceforge.net>
> Date: Wed, 10 Dec 2003 19:45:51 -0000
> This morning I built Snort 2.0.5 on a machie running Linux 8 using the
> command "rpmbuild -ta <name of snort tarred gzipped filename>".  The build
> went fine.

Great!  I love the -ta thing...


> Upon checking the log I found that the default
> rpmbuild does not make an rpm  capable of logging to mysql.  I then did a
> little searching and found how to build the package logging to mysql.

Correct.  See README.build_rpms and README.rpms.

> The command "rpmbuild --with mysql -ta <name of snort tarred gzipped
> filename>" worked just fine apparently (at least the snort rpm was built
> in the RPMS/i386 directory.  My problem is now that the resulting rpm will
> not install.  The error is as follows:
> [afed at ...2282... i386]$ sudo rpm -ivh snort-2.0.5-1.i386.rpm
> error: Failed dependencies:
>         snort = 2.0.5 is needed by snort-mysql-2.0.5-1
> [afed at ...2282... i386]$
> Ummm what gives?  This is snort that I am installing!   Anyone else running
> into this behavior, or am I doing something wrong?

I'm not 100% sure why you saw that (hopefully, you have worked around this by
now, but I'm answering anyway to get it into the archive and just in case).
However, I would first try and 'rpm -Uvh' and if that didn't help, an 'rpm
--force -Uvh'.  I regularly build and install something like:
	rpmbuild -ta -with mysql {tarball}
	rpm -Uvh snort*.rpm

As noted in the docs and on the "developer" page [0] snort-2.x.y-z.i386.rpm is
the plain Snort, rules, docs, contrib, etc.  The other binary RPMs provide
ONLY special built binaries, i.e. for MySQL.  They are then symlinked to
'snort'.  If you have trouble after install one of these check like this:

### Note this is a test box with goofy files, but it was handy and it gives
### you the idea...
# ll /usr/sbin/snort*
lrwxrwxrwx  1 root  root    21 Sep 18 17:52 /usr/sbin/snort -> /usr/sbin/snort-plain*
-rwxr-xr-x  1 root  root  2.1M Sep 18 00:08 /usr/sbin/snort-mysql*
-rwxr-xr-x  1 root  root  2.1M Sep 18 00:08 /usr/sbin/snort-plain*
-rwxr-xr-x  1 root  root  2.1M Sep 18 00:08 /usr/sbin/snort-postgresql*

We've had some trouble getting the symlink logic correct.  We *think* we've
got it licked in the 2.0.6+ and 2.1.0+ packages, but...

JP Vossen, CISSP
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
You used to have to reboot the Windows 9.x series every couple of days
because it would crash.  Now you have to reboot Windows 200x or XP every
couple of days because of a patch.  How is that better or more stable?

