name: builds on: push: pull_request: workflow_dispatch: inputs: LIBHTP_REPO: LIBHTP_BRANCH: SU_REPO: SU_BRANCH: SV_REPO: SV_BRANCH: permissions: read-all env: DEFAULT_SV_REPO: https://github.com/OISF/suricata-verify DEFAULT_SV_BRANCH: master DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function" # Apt sometimes likes to ask for user input, this will prevent that. DEBIAN_FRONTEND: "noninteractive" # A recent version of stable Rust that is known to pass build, test and other # verification steps in this workflow. This was added because using "stable" # could cause some steps to fail. RUST_VERSION_KNOWN: "1.62.0" # The minimum version of Rust supported. RUST_VERSION_MIN: "1.58.1" jobs: prepare-deps: name: Prepare dependencies runs-on: ubuntu-latest steps: - name: Dumping github context for debugging run: echo $JSON env: JSON: ${{ toJSON(github) }} - run: sudo apt update && sudo apt -y install jq curl - name: Parse repo and branch information env: # We fetch the actual pull request to get the latest body as # github.event.pull_request.body has the body from the # initial pull request. PR_HREF: ${{ github.event.pull_request._links.self.href }} run: | if test "${PR_HREF}"; then body=$(curl -s "${PR_HREF}" | jq -r .body | tr -d '\r') echo "Parsing branch and PR info from:" echo "${body}" LIBHTP_REPO=$(echo "${body}" | awk -F = '/^LIBHTP_REPO=/ { print $2 }') LIBHTP_BRANCH=$(echo "${body}" | awk -F = '/^LIBHTP_BRANCH=/ { print $2 }') SU_REPO=$(echo "${body}" | awk -F = '/^SU_REPO=/ { print $2 }') SU_BRANCH=$(echo "${body}" | awk -F = '/^SU_BRANCH=/ { print $2 }') SV_REPO=$(echo "${body}" | awk -F = '/^SV_REPO=/ { print $2 }') SV_BRANCH=$(echo "${body}" | awk -F = '/^SV_BRANCH=/ { print $2 }') else echo "No pull request body, will use inputs or defaults." LIBHTP_REPO=${{ inputs.LIBHTP_REPO }} LIBHTP_BRANCH=${{ inputs.LIBHTP_BRANCH }} SU_REPO=${{ inputs.SU_REPO }} SU_BRANCH=${{ inputs.SU_BRANCH }} SV_REPO=${{ inputs.SV_REPO }} SV_BRANCH=${{ inputs.SV_BRANCH }} fi # If the _REPO variables don't contain a full URL, add GitHub. if [ "${LIBHTP_REPO}" ] && ! echo "${LIBHTP_REPO}" | grep -q '^https://'; then LIBHTP_REPO="https://github.com/${LIBHTP_REPO}" fi if [ "${SU_REPO}" ] && ! echo "${SU_REPO}" | grep -q '^https://'; then SU_REPO="https://github.com/${SU_REPO}" fi if [ "${SV_REPO}" ] && ! echo "${SV_REPO}" | grep -q '^https://'; then SV_REPO="https://github.com/${SV_REPO}" fi echo LIBHTP_REPO=${LIBHTP_REPO} | tee -a ${GITHUB_ENV} echo LIBHTP_BRANCH=${LIBHTP_BRANCH} | tee -a ${GITHUB_ENV} echo SU_REPO=${SU_REPO} | tee -a ${GITHUB_ENV} echo SU_BRANCH=${SU_BRANCH} | tee -a ${GITHUB_ENV} echo SV_REPO=${SV_REPO:-${DEFAULT_SV_REPO}} | tee -a ${GITHUB_ENV} echo SV_BRANCH=${SV_BRANCH:-${DEFAULT_SV_BRANCH}} | tee -a ${GITHUB_ENV} - name: Annotate output run: | echo "::notice:: LIBHTP_REPO=${LIBHTP_REPO}" echo "::notice:: LIBHTP_BRANCH=${LIBHTP_BRANCH}" echo "::notice:: SU_REPO=${SU_REPO}" echo "::notice:: SU_BRANCH=${SU_BRANCH}" echo "::notice:: SV_REPO=${SV_REPO}" echo "::notice:: SV_BRANCH=${SV_BRANCH}" # Now checkout Suricata for the bundle script. - name: Checking out Suricata uses: actions/checkout@v3.5.3 - name: Fetching libhtp run: | DESTDIR=./bundle ./scripts/bundle.sh libhtp tar zcf libhtp.tar.gz -C bundle libhtp - name: Fetching suricata-update run: | DESTDIR=./bundle ./scripts/bundle.sh suricata-update tar zcf suricata-update.tar.gz -C bundle suricata-update - name: Fetching suricata-verify run: | # Looking for a pull request number. in the SV_BRANCH # value. This could be "pr/NNN", "pull/NNN" or a link to an # OISF/suricata-verify pull request. pr=$(echo "${SV_BRANCH}" | sed -n \ -e 's/^https:\/\/github.com\/OISF\/suricata-verify\/pull\/\([0-9]*\)$/\1/p' \ -e 's/^pull\/\([0-9]*\)$/\1/p' \ -e 's/^pr\/\([0-9]*\)$/\1/p') if [ "${pr}" ]; then SV_BRANCH="refs/pull/${pr}/head" echo "Using suricata-verify pull-request ${SV_BRANCH}" else echo "Using suricata-verify branch ${SV_BRANCH}" fi git clone --depth 1 ${SV_REPO} suricata-verify cd suricata-verify git fetch --depth 1 origin ${SV_BRANCH} git -c advice.detachedHead=false checkout FETCH_HEAD cd .. tar zcf suricata-verify.tar.gz suricata-verify - name: Uploading prep archive uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce with: name: prep path: | libhtp.tar.gz suricata-update.tar.gz suricata-verify.tar.gz prepare-cbindgen: name: Prepare cbindgen runs-on: ubuntu-latest steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Installing Rust run: | curl https://sh.rustup.rs -sSf | sh -s -- -y echo "$HOME/.cargo/bin" >> $GITHUB_PATH rustup target add x86_64-unknown-linux-musl - name: Building static cbindgen for Linux run: | cargo install --target x86_64-unknown-linux-musl --debug cbindgen cp $HOME/.cargo/bin/cbindgen . - name: Uploading prep archive uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce with: name: prep path: . almalinux-9: name: AlmaLinux 9 runs-on: ubuntu-latest container: almalinux:9 needs: [prepare-deps] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf key: ${{ github.job }}-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - uses: actions/checkout@v3.5.3 # Download and extract dependency archives created during prep # job. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xvf prep/libhtp.tar.gz - run: tar xvf prep/suricata-update.tar.gz - run: tar xvf prep/suricata-verify.tar.gz - name: Install system packages run: | dnf -y install dnf-plugins-core epel-release dnf config-manager --set-enabled crb dnf -y install \ autoconf \ automake \ cargo-vendor \ cbindgen \ diffutils \ numactl-devel \ dpdk-devel \ file-devel \ gcc \ gcc-c++ \ git \ jansson-devel \ jq \ lua-devel \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-devel \ pcre2-devel \ pkgconfig \ python3-devel \ python3-sphinx \ python3-yaml \ rust-toolset \ sudo \ which \ zlib-devel # These packages required to build the PDF. dnf -y install \ texlive-latex \ texlive-cmap \ texlive-collection-latexrecommended \ texlive-fncychap \ texlive-titlesec \ texlive-tabulary \ texlive-framed \ texlive-wrapfig \ texlive-upquote \ texlive-capt-of \ texlive-needspace #- name: Setup cppclean # run: | # git clone --depth 1 --branch suricata https://github.com/catenacyber/cppclean # cd cppclean # python3 setup.py install - name: Configuring run: | ./autogen.sh CFLAGS="${DEFAULT_CFLAGS}" ./configure - run: make -j2 distcheck env: DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" - run: test -e doc/userguide/suricata.1 - name: Checking includes run: | cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py - name: Building Rust documentation run: make doc working-directory: rust - run: make install - run: suricatasc -h - run: suricata-update -V - name: Check if Suricata-Update example configuration files are installed run: | test -e /usr/local/lib/suricata/python/suricata/update/configs/disable.conf test -e /usr/local/lib/suricata/python/suricata/update/configs/drop.conf test -e /usr/local/lib/suricata/python/suricata/update/configs/enable.conf test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml almalinux-9-templates: name: AlmaLinux 9 Test Templates runs-on: ubuntu-latest container: almalinux:9 needs: [prepare-deps] steps: - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf # TODO: Find some variable that matches the job name. key: almalinux-9-templates-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo/registry key: cargo-registry - uses: actions/checkout@v3.5.3 # Download and extract dependency archives created during prep # job. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xvf prep/libhtp.tar.gz - run: tar xvf prep/suricata-update.tar.gz - run: tar xvf prep/suricata-verify.tar.gz - name: Install system packages run: | dnf -y install dnf-plugins-core epel-release dnf config-manager --set-enabled crb dnf -y install \ autoconf \ automake \ cbindgen \ diffutils \ numactl-devel \ dpdk-devel \ file-devel \ gcc \ gcc-c++ \ git \ jansson-devel \ jq \ lua-devel \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-devel \ pcre2-devel \ pkgconfig \ python3-devel \ python3-sphinx \ python3-yaml \ sudo \ which \ zlib-devel - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain stable -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: rustup component add rustfmt - run: rustup component add clippy - name: Build run: | ./autogen.sh CFLAGS="${DEFAULT_CFLAGS}" ./configure make -j2 - run: ./scripts/setup-app-layer.py --parser --logger --detect FooBar payload - run: make -j2 - run: ./src/suricata --list-app-layer-protos | grep foobar - name: Verify rustfmt run: rustfmt -v --check src/applayerfoobar/*.rs working-directory: rust - name: Verify clippy run: cargo clippy --all-features working-directory: rust # AlmaLinux 8 builder and distribution archive builder that some # other builds will depend on. almalinux-8: name: AlmaLinux 8 (Dist builder) runs-on: ubuntu-latest container: almalinux:8 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf key: ${{ github.job }}-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - uses: actions/checkout@v3.5.3 # Prebuild check for duplicate SIDs - name: Check for duplicate SIDs run: | dups=$(sed -n 's/^alert.*sid:\([[:digit:]]*\);.*/\1/p' ./rules/*.rules|sort|uniq -d|tr '\n' ' ') if [[ "${dups}" != "" ]]; then echo "::error::Duplicate SIDs found:${dups}" exit 1 fi # Download and extract dependency archives created during prep # job. - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xvf prep/libhtp.tar.gz - run: tar xvf prep/suricata-update.tar.gz - run: tar xvf prep/suricata-verify.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Install system packages run: | yum -y install dnf-plugins-core yum config-manager --set-enabled powertools yum -y install \ autoconf \ automake \ cargo-vendor \ diffutils \ numactl-devel \ dpdk-devel \ file-devel \ gcc \ gcc-c++ \ git \ jansson-devel \ jq \ lua-devel \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-devel \ pcre2-devel \ pkgconfig \ python3-devel \ python3-sphinx \ python3-yaml \ rust-toolset \ sudo \ which \ zlib-devel # These packages required to build the PDF. yum -y install \ texlive-latex \ texlive-cmap \ texlive-collection-latexrecommended \ texlive-fncychap \ texlive-titlesec \ texlive-tabulary \ texlive-framed \ texlive-wrapfig \ texlive-upquote \ texlive-capt-of \ texlive-needspace #- name: Setup cppclean # run: | # git clone --depth 1 --branch suricata https://github.com/catenacyber/cppclean # cd cppclean # python3 setup.py install - name: Configuring run: | ./autogen.sh CFLAGS="${DEFAULT_CFLAGS}" ./configure - run: make -j2 distcheck env: DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" - run: test -e doc/userguide/suricata.1 - name: Checking includes run: | cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py - name: Building Rust documentation run: make doc working-directory: rust - run: make install - run: suricatasc -h - run: suricata-update -V - name: Preparing distribution run: | mkdir dist mv suricata-*.tar.gz dist - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce name: Uploading distribution with: name: dist path: dist centos-7: name: CentOS 7 runs-on: ubuntu-latest container: centos:7 needs: [prepare-deps, almalinux-8] steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/yum key: ${{ github.job }}-yum - run: echo "keepcache=1" >> /etc/yum.conf - name: Install system dependencies run: | yum -y install epel-release yum -y install \ autoconf \ automake \ cargo \ diffutils \ file-devel \ gcc \ gcc-c++ \ jansson-devel \ jq \ lua-devel \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ lz4-devel \ make \ nss-devel \ pcre2-devel \ pkgconfig \ python36-PyYAML \ rust \ sudo \ which \ zlib-devel - name: Download suricata.tar.gz uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: dist - run: tar zxvf suricata-*.tar.gz --strip-components=1 # This isn't really needed as we are building from a prepared # package, but some package managers like RPM and Debian like to # run this command even on prepared packages, so make sure it # works. - name: Test autoreconf run: autoreconf -fv --install - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure - run: make -j2 - run: make install - run: make install-conf - run: make distcheck - run: make clean - run: make -j2 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/suricata-verify.tar.gz - run: python3 ./suricata-verify/run.py -q - run: suricata-update -V - run: suricatasc -h fedora-38-sv-codecov: name: Fedora 38 (Suricata Verify codecov) runs-on: ubuntu-latest container: fedora:38 needs: [prepare-deps] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf key: ${{ github.job }}-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - run: | dnf -y install \ autoconf \ automake \ cbindgen \ ccache \ clang \ curl \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ llvm-devel \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ which \ zlib-devel # packaged Rust version has no profiler support built in, so get from rustup - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: ./autogen.sh - run: ./configure --disable-shared env: CC: "clang" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" - run: make -j2 env: CC: "clang" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q - run: llvm-profdata merge -o default.profdata $(find suricata-verify/tests/ -name '*.profraw') - run: llvm-cov show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt - name: Upload coverage to Codecov uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 with: fail_ci_if_error: false flags: suricata-verify # Fedora 38 build using Clang. fedora-38-clang: name: Fedora 38 (clang, debug, asan, wshadow, rust-strict, systemd) runs-on: ubuntu-latest container: fedora:38 needs: [prepare-deps] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf key: ${{ github.job }}-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - run: | dnf -y install \ autoconf \ automake \ cargo \ cbindgen \ ccache \ clang \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libxdp-devel \ libbpf-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ systemd-devel \ which \ zlib-devel - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: ./autogen.sh - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua env: LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" ac_cv_func_malloc_0_nonnull: "yes" - run: make -j2 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # Now install and make sure headers and libraries aren't # installed until requested. - run: make install - run: test ! -e /usr/local/lib/libsuricata_c.a - run: test ! -e /usr/local/include/suricata - run: make install-headers - run: test -e /usr/local/include/suricata/suricata.h - run: make install-library - run: test -e /usr/local/lib/libsuricata_c.a - run: test -e /usr/local/lib/libsuricata_rust.a - run: test -e /usr/local/bin/libsuricata-config - run: test ! -e /usr/local/lib/libsuricata.so - run: make install - run: suricata-update -V - run: suricatasc -h # Check compilation against systemd - run: ldd src/suricata | grep libsystemd &> /dev/null # Fedora 38 build using GCC. fedora-38-gcc: name: Fedora 38 (gcc, debug, asan, wshadow, rust-strict) runs-on: ubuntu-latest container: fedora:38 needs: [prepare-deps] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo/registry key: cargo-registry - run: | dnf -y install \ autoconf \ automake \ cargo \ cbindgen \ ccache \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ which \ zlib-devel - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: ./autogen.sh - run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue env: CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" ac_cv_func_malloc_0_nonnull: "yes" - run: make -j2 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # Now install and make sure headers and libraries aren't # installed until requested. - run: make install - run: test ! -e /usr/local/lib/libsuricata_c.a - run: test ! -e /usr/local/include/suricata - run: make install-headers - run: test -e /usr/local/include/suricata/suricata.h - run: make install-library - run: test -e /usr/local/lib/libsuricata_c.a - run: test -e /usr/local/lib/libsuricata_rust.a - run: test -e /usr/local/bin/libsuricata-config - run: test ! -e /usr/local/lib/libsuricata.so - run: make install - run: suricata-update -V - run: suricatasc -h # Fedora 37 build using Clang. fedora-37-clang: name: Fedora 37 (clang, debug, asan, wshadow, rust-strict, systemd) runs-on: ubuntu-latest container: fedora:37 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf key: ${{ github.job }}-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - run: | dnf -y install \ autoconf \ automake \ cargo \ ccache \ clang \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libxdp-devel \ libbpf-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ systemd-devel \ which \ zlib-devel - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua env: LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" ac_cv_func_malloc_0_nonnull: "yes" - run: make -j2 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # Now install and make sure headers and libraries aren't install # until requested. - run: make install - run: test ! -e /usr/local/lib/libsuricata_c.a - run: test ! -e /usr/local/include/suricata - run: make install-headers - run: test -e /usr/local/include/suricata/suricata.h - run: make install-library - run: test -e /usr/local/lib/libsuricata_c.a - run: test -e /usr/local/lib/libsuricata_rust.a - run: test -e /usr/local/bin/libsuricata-config - run: test ! -e /usr/local/lib/libsuricata.so - run: make install - run: suricata-update -V - run: suricatasc -h # Check compilation against systemd - run: ldd src/suricata | grep libsystemd &> /dev/null # Fedora 37 build using GCC. fedora-37-gcc: name: Fedora 37 (gcc, debug, asan, wshadow, rust-strict) runs-on: ubuntu-latest container: fedora:37 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo/registry key: cargo-registry - run: | dnf -y install \ autoconf \ automake \ cargo \ ccache \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ which \ zlib-devel - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue env: CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" ac_cv_func_malloc_0_nonnull: "yes" - run: make -j2 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # Now install and make sure headers and libraries aren't install # until requested. - run: make install - run: test ! -e /usr/local/lib/libsuricata_c.a - run: test ! -e /usr/local/include/suricata - run: make install-headers - run: test -e /usr/local/include/suricata/suricata.h - run: make install-library - run: test -e /usr/local/lib/libsuricata_c.a - run: test -e /usr/local/lib/libsuricata_rust.a - run: test -e /usr/local/bin/libsuricata-config - run: test ! -e /usr/local/lib/libsuricata.so - run: make install - run: suricata-update -V - run: suricatasc -h fedora-36-clang: name: Fedora 36 (clang, debug, asan, wshadow, rust-strict, systemd) runs-on: ubuntu-latest container: fedora:36 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf key: ${{ github.job }}-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - run: | dnf -y install \ autoconf \ automake \ cargo \ ccache \ clang \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libxdp-devel \ libbpf-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ systemd-devel \ which \ zlib-devel - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua env: LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" ac_cv_func_malloc_0_nonnull: "yes" - run: make -j2 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # Now install and make sure headers and libraries aren't install # until requested. - run: make install - run: test ! -e /usr/local/lib/libsuricata_c.a - run: test ! -e /usr/local/include/suricata - run: make install-headers - run: test -e /usr/local/include/suricata/suricata.h - run: make install-library - run: test -e /usr/local/lib/libsuricata_c.a - run: test -e /usr/local/lib/libsuricata_rust.a - run: test -e /usr/local/bin/libsuricata-config - run: test ! -e /usr/local/lib/libsuricata.so - run: make install - run: suricata-update -V - run: suricatasc -h # Check compilation against systemd - run: ldd src/suricata | grep libsystemd &> /dev/null fedora-36-gcc: name: Fedora 36 (gcc, debug, asan, wshadow, rust-strict) runs-on: ubuntu-latest container: fedora:36 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo/registry key: cargo-registry - run: | dnf -y install \ autoconf \ automake \ cargo \ ccache \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ which \ zlib-devel - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue env: CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" ac_cv_func_malloc_0_nonnull: "yes" - run: make -j2 - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # Now install and make sure headers and libraries aren't install # until requested. - run: make install - run: test ! -e /usr/local/lib/libsuricata_c.a - run: test ! -e /usr/local/include/suricata - run: make install-headers - run: test -e /usr/local/include/suricata/suricata.h - run: make install-library - run: test -e /usr/local/lib/libsuricata_c.a - run: test -e /usr/local/lib/libsuricata_rust.a - run: test -e /usr/local/bin/libsuricata-config - run: test ! -e /usr/local/lib/libsuricata.so - run: make install - run: suricata-update -V - run: suricatasc -h # This job builds and tests Suricata as a non-root user as some # issues only show up when not running as root, and by default all # jobs in GitHub actions are run as root inside the container. fedora-37-non-root: name: Fedora 37 (non-root, debug, clang, asan, wshadow, rust-strict, systemd) runs-on: ubuntu-latest container: fedora:37 needs: [prepare-deps] steps: - run: | dnf -y install \ autoconf \ automake \ cargo \ cbindgen \ ccache \ clang \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ hiredis-devel \ jansson-devel \ jq \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ systemd-devel \ which \ zlib-devel - run: adduser suricata - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: tar xf prep/suricata-verify.tar.gz - run: mkdir /home/suricata/suricata - run: cp -a . /home/suricata/suricata - run: chown -R suricata:suricata /home/suricata - run: sudo -u suricata -s ./autogen.sh working-directory: /home/suricata/suricata - run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue working-directory: /home/suricata/suricata env: ac_cv_func_realloc_0_nonnull: "yes" ac_cv_func_malloc_0_nonnull: "yes" LDFLAGS: "-fsanitize=address" CC: "clang" CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" - run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" make -j2 working-directory: /home/suricata/suricata - run: sudo -u suricata -s make check working-directory: /home/suricata/suricata - run: sudo -u suricata -s python3 ./suricata-verify/run.py -q working-directory: /home/suricata/suricata # Test that ./configure fails out of libjansson is not available. almalinux-9-no-jansson: name: AlmaLinux 9 (no jansson) runs-on: ubuntu-latest container: almalinux:9 needs: [prepare-deps] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Cache RPMs uses: actions/cache@v3.3.1 with: path: /var/cache/dnf key: ${{ github.job }}-dnf - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - run: | dnf -y install dnf-plugins-core epel-release dnf config-manager --set-enable crb dnf -y install \ autoconf \ automake \ cargo \ cbindgen \ clang \ diffutils \ file-devel \ gcc \ gcc-c++ \ git \ lua-devel \ libasan \ libtool \ libyaml-devel \ libnfnetlink-devel \ libnetfilter_queue-devel \ libnet-devel \ libcap-ng-devel \ libevent-devel \ libmaxminddb-devel \ libpcap-devel \ libtool \ lz4-devel \ make \ nss-softokn-devel \ pcre2-devel \ pkgconfig \ python3-yaml \ sudo \ which \ zlib-devel - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: ./autogen.sh - run: | if ./configure; then echo "error: configure should have failed" exit 1 else exit 0 fi ubuntu-22-04-cov-ut: name: Ubuntu 22.04 (unittests coverage) runs-on: ubuntu-latest container: ubuntu:22.04 needs: [prepare-deps, prepare-cbindgen] steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Install dependencies run: | apt update apt -y install \ libpcre2-dev \ build-essential \ autoconf \ automake \ clang-14 \ curl \ git \ jq \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libnuma-dev \ libhiredis-dev \ libhyperscan-dev \ liblua5.1-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ llvm-14-dev \ make \ parallel \ python3-yaml \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags \ curl \ dpdk-dev # packaged Rust version is too old for coverage, so get from rustup - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: ./configure --disable-shared --enable-unittests env: CC: "clang-14" CXX: "clang++-14" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" - run: make -j2 env: CC: "clang-14" CXX: "clang++-14" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" - run: ./src/suricata -u -l /tmp/ env: LLVM_PROFILE_FILE: "/tmp/ut.profraw" - run: llvm-profdata-14 merge -o ut.profdata /tmp/ut.profraw - run: llvm-cov-14 show ./src/suricata -instr-profile=ut.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt - run: | cd rust cargo test --no-run cd .. env: RUSTFLAGS: "-C instrument-coverage" CARGO_INCREMENTAL: 0 - run: | $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') env: LLVM_PROFILE_FILE: "/tmp/ct.profraw" CARGO_INCREMENTAL: 0 - run: llvm-profdata-14 merge -o ct.profdata /tmp/ct.profraw - run: llvm-cov-14 show $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') -instr-profile=ct.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt - run: | cd libhtp make test cd .. env: LLVM_PROFILE_FILE: "/tmp/htp-test.profraw" - run: llvm-profdata-14 merge -o htp-test.profdata /tmp/htp-test.profraw - run: llvm-cov-14 show libhtp/test/test_all -instr-profile=htp-test.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt - name: Upload coverage to Codecov uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 with: fail_ci_if_error: false flags: unittests ubuntu-22-04-cov-fuzz: name: Ubuntu 22.04 (fuzz corpus coverage) runs-on: ubuntu-latest container: ubuntu:22.04 needs: [prepare-deps, prepare-cbindgen] steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Install dependencies run: | apt update apt -y install \ libpcre2-dev \ build-essential \ autoconf \ automake \ llvm-14-dev \ clang-14 \ git \ jq \ libc++-dev \ libc++abi-dev \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libnuma-dev \ libhiredis-dev \ liblua5.1-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ make \ parallel \ python3-yaml \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags \ unzip \ curl \ time \ wget \ dpdk-dev # packaged Rust version is too old for coverage, so get from rustup - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.63.0 -y - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect env: LIB_FUZZING_ENGINE: "fail_to_onefile_driver" CC: "clang-14" CXX: "clang++-14" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -Wimplicit-int-float-conversion -Wimplicit-int-conversion -Werror" CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++ -Wimplicit-int-float-conversion -Wimplicit-int-conversion" ac_cv_func_malloc_0_nonnull: "yes" ac_cv_func_realloc_0_nonnull: "yes" - run: make -j2 env: CC: "clang-14" CXX: "clang++-14" RUSTFLAGS: "-C instrument-coverage" - run: ./qa/run-ossfuzz-corpus.sh - run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw') - run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt - name: Upload coverage to Codecov uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 with: fail_ci_if_error: false flags: fuzzcorpus ubuntu-20-04-ndebug: name: Ubuntu 20.04 (-DNDEBUG) runs-on: ubuntu-latest container: ubuntu:20.04 needs: [prepare-deps, prepare-cbindgen] steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Install dependencies run: | apt update apt -y install \ build-essential \ autoconf \ automake \ cargo \ git \ jq \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libnuma-dev \ libhiredis-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ libpcre2-dev \ make \ parallel \ python3-yaml \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags \ dpdk-dev - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-unittests - run: make -j2 - run: make check - run: make dist - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # Now install and make sure headers and libraries aren't install # until requested. - run: make install - run: test ! -e /usr/local/lib/libsuricata_c.a - run: test ! -e /usr/local/include/suricata - run: make install-headers - run: test -e /usr/local/include/suricata/suricata.h - run: make install-library - run: test -e /usr/local/lib/libsuricata_c.a - run: test -e /usr/local/lib/libsuricata_rust.a - run: test -e /usr/local/bin/libsuricata-config - run: test -e /usr/local/lib/libsuricata.so - run: test -e /usr/local/lib/$(readlink /usr/local/lib/libsuricata.so) - run: suricata-update -V - run: suricatasc -h ubuntu-20-04-too-old-rust: name: Ubuntu 20.04 (unsupported rust) runs-on: ubuntu-latest container: ubuntu:20.04 needs: almalinux-8 steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Install dependencies run: | apt update apt -y install \ build-essential \ curl \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libnuma-dev \ libhiredis-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ libpcre2-dev \ make \ python3-yaml \ software-properties-common \ zlib1g \ zlib1g-dev \ dpdk-dev - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.33.0 -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Download suricata.tar.gz uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: dist - run: tar zxvf suricata-*.tar.gz --strip-components=1 - run: | if ./configure; then echo "error: configure should have failed" exit 1 else exit 0 fi ubuntu-22-04-debug-validation: name: Ubuntu 22.04 (Debug Validation) runs-on: ubuntu-22.04 container: ubuntu:22.04 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Install dependencies run: | apt update apt -y install \ libpcre2-dev \ build-essential \ autoconf \ automake \ cargo \ git \ jq \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libhiredis-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ make \ parallel \ python3-yaml \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: ./configure --enable-debug-validation env: CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" LDFLAGS: "-fsanitize=address" ac_cv_func_malloc_0_nonnull: "yes" ac_cv_func_realloc_0_nonnull: "yes" - run: make -j2 - run: make check - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q ubuntu-22-04: name: Ubuntu 22.04 (Cocci) runs-on: ubuntu-22.04 container: ubuntu:22.04 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Install dependencies run: | apt update apt -y install \ libpcre2-dev \ build-essential \ autoconf \ automake \ cargo \ git \ jq \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libhiredis-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ libpython3.10 \ make \ parallel \ python3-yaml \ python-is-python3 \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags - name: Install packages for generating documentation run: | DEBIAN_FRONTEND=noninteractive apt -y install \ sphinx-doc \ sphinx-common \ texlive-latex-base \ texlive-fonts-recommended \ texlive-fonts-extra \ texlive-latex-extra - name: Install Coccinelle run: | apt -y install coccinelle - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-coccinelle - run: make -j2 - run: make tags - name: Running unit tests and cocci checks # Set the concurrency level for cocci. run: CONCURRENCY_LEVEL=2 make check - run: make dist - name: Checking that documentation was built run: | test -e doc/userguide/userguide.pdf test -e doc/userguide/suricata.1 - name: Extracting suricata-verify run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q # test build with afl and fuzztargets ubuntu-22-04-fuzz: name: Ubuntu 22.04 (Fuzz) runs-on: ubuntu-22.04 container: ubuntu:22.04 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - name: Install dependencies run: | apt update apt -y install \ afl \ afl-clang \ libpcre2-dev \ build-essential \ autoconf \ automake \ cargo \ git \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libhiredis-dev \ libjansson-dev \ libjansson-dev \ libpython2.7 \ make \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ LDFLAGS="-fsanitize=address" ./configure --enable-fuzztargets --disable-shared - run: AFL_HARDEN=1 make -j2 ubuntu-22-04-netmap-build: name: Ubuntu 22.04 (Netmap build) needs: [prepare-deps, prepare-cbindgen] runs-on: ubuntu-22.04 steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo/registry key: cargo-registry - name: Install dependencies run: | sudo apt update sudo apt -y install \ libpcre2-dev \ build-essential \ autoconf \ automake \ cargo \ git \ jq \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libhiredis-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ make \ parallel \ python3-yaml \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags - name: Install Netmap dependencies run: | sudo apt -y install \ build-essential \ git \ linux-headers-$(uname -r) - name: Checkout Netmap repository uses: actions/checkout@v3.5.3 with: repository: luigirizzo/netmap # gets cloned to $GITHUB_WORKSPACE/netmap/ path: netmap/ - name: Compile and install Netmap run: | cd $GITHUB_WORKSPACE/netmap/LINUX ./configure --no-drivers make -j2 sudo make install - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-netmap - run: make -j2 - run: ./src/suricata --build-info | grep -E "Netmap support:\s+yes" ubuntu-22-04-dpdk-build: name: Ubuntu 22.04 (DPDK Build) runs-on: ubuntu-22.04 container: ubuntu:22.04 needs: [ prepare-deps, prepare-cbindgen ] strategy: matrix: dpdk_version: [ 22.11.1, 21.11.3, 20.11.7, 19.11.14 ] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo/registry key: cargo-registry - name: Install dependencies run: | apt update apt -y install \ libpcre2-dev \ build-essential \ autoconf \ automake \ cargo \ git \ jq \ libtool \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ libnfnetlink-dev \ libnfnetlink0 \ libhiredis-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ libjansson-dev \ libpython2.7 \ make \ parallel \ python3-yaml \ rustc \ software-properties-common \ zlib1g \ zlib1g-dev \ exuberant-ctags - name: Install DPDK dependencies run: | apt update apt install -y \ curl \ build-essential \ libnuma-dev \ ninja-build \ meson \ python3-pip \ python3-pyelftools \ python3-setuptools \ python3-wheel - name: Compile and install DPDK run: | cd $HOME rm -rf dpdk_${{ matrix.dpdk_version }} find /usr/ -name 'librte_*.a' -delete mkdir -p dpdk_${{ matrix.dpdk_version }} && cd dpdk_${{ matrix.dpdk_version }} curl -fsLS https://fast.dpdk.org/rel/dpdk-${{ matrix.dpdk_version }}.tar.xz | tar -xJ --strip-components=1 rm -rf build/ meson setup -Dtests=false --prefix=/usr/ build ninja -C build ninja -C build install ldconfig cd $HOME - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-dpdk - run: make -j2 - run: make check debian-11: name: Debian 11 (xdp) runs-on: ubuntu-latest container: debian:11 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - run: | echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list apt update apt -y install \ automake \ autoconf \ build-essential \ ccache \ curl \ git \ gosu \ jq \ libpcre2-dev \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libjansson-dev \ libgeoip-dev \ liblua5.1-dev \ libhiredis-dev \ libevent-dev \ libtool \ m4 \ make \ python3-yaml \ pkg-config \ sudo \ zlib1g \ zlib1g-dev \ clang \ libbpf-dev \ libelf-dev \ libxdp-dev - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen - run: ./autogen.sh - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets --enable-ebpf --enable-ebpf-build - run: make -j2 - run: make check - run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q - run: make install - run: suricata-update -V - run: suricatasc -h debian-10: name: Debian 10 runs-on: ubuntu-latest container: debian:10 needs: [prepare-deps, prepare-cbindgen] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - run: | apt update apt -y install \ automake \ autoconf \ build-essential \ ccache \ curl \ git \ gosu \ jq \ libpcre2-dev \ libpcap-dev \ libnet1-dev \ libyaml-0-2 \ libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ libmagic-dev \ libjansson-dev \ libgeoip-dev \ liblua5.1-dev \ libhiredis-dev \ libevent-dev \ libtool \ m4 \ make \ python3-yaml \ pkg-config \ sudo \ zlib1g \ zlib1g-dev \ clang \ libbpf-dev \ libelf-dev - name: Install Rust run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Setup cbindgen run: | mkdir -p $HOME/.cargo/bin cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen - run: ./autogen.sh - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets --enable-ebpf --enable-ebpf-build - run: make -j2 - run: make check - run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q - run: make install - run: suricata-update -V - run: suricatasc -h macos-latest: name: MacOS Latest runs-on: macos-latest needs: [prepare-deps] steps: # Cache Rust stuff. - name: Cache cargo registry uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - run: | brew install \ autoconf \ automake \ curl \ hiredis \ jansson \ jq \ libmagic \ libnet \ libtool \ libyaml \ lua \ pkg-config \ python \ rust \ xz - name: Install cbindgen run: cargo install --debug --version 0.24.3 cbindgen - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: pip3 install PyYAML - uses: actions/checkout@v3.5.3 - name: Downloading prep archive uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xvf prep/libhtp.tar.gz - run: tar xvf prep/suricata-update.tar.gz - run: ./autogen.sh - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests - run: make -j2 # somehow it gets included by some C++ stdlib header (case unsensitive) - run: rm libhtp/VERSION && make check - run: tar xf prep/suricata-verify.tar.gz - name: Running suricata-verify run: python3 ./suricata-verify/run.py -q - run: make install - run: suricata-update -V - run: suricatasc -h windows-msys2-mingw64-npcap: name: Windows MSYS2 MINGW64 (NPcap) runs-on: windows-latest needs: [prepare-deps] defaults: run: shell: msys2 {0} steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - uses: actions/checkout@v3.5.3 - uses: msys2/setup-msys2@v2 with: msystem: MINGW64 update: true install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 # hack: install our own cbindgen system wide as we can't get the # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - name: Npcap DLL run: | curl -sL -O https://nmap.org/npcap/dist/npcap-1.00.exe 7z -y x -o/npcap-bin npcap-1.00.exe # hack: place dlls in cwd cp /npcap-bin/*.dll . - name: Npcap SDK run: | curl -sL -O https://nmap.org/npcap/dist/npcap-sdk-1.06.zip unzip npcap-sdk-1.06.zip -d /npcap cp /npcap/Lib/x64/* /usr/lib/ - run: tar xf prep/suricata-verify.tar.gz - name: Build run: | ./autogen.sh CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 make -j3 - name: Run run: | ./src/suricata --build-info ./src/suricata -u -l /tmp/ # need cwd in path due to npcap dlls (see above) PATH="$PATH:$(pwd)" python3 ./suricata-verify/run.py -q - run: make install - run: suricata-update -V windows-msys2-mingw64-libpcap: name: Windows MSYS2 MINGW64 (libpcap) runs-on: windows-latest needs: [prepare-deps] defaults: run: shell: msys2 {0} steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - uses: actions/checkout@v3.5.3 - uses: msys2/setup-msys2@v2 with: msystem: MINGW64 update: true install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel mingw-w64-x86_64-libpcap # hack: install our own cbindgen system wide as we can't get the # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: tar xf prep/suricata-verify.tar.gz - name: Build run: | ./autogen.sh CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 make -j3 - name: Run run: | ./src/suricata --build-info ./src/suricata -u -l /tmp/ python3 ./suricata-verify/run.py -q - run: make install - run: suricata-update -V windows-msys2-mingw64-windivert: name: Windows MSYS2 MINGW64 (WinDivert) runs-on: windows-latest needs: [prepare-deps] defaults: run: shell: msys2 {0} steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 with: path: ~/.cargo key: ${{ github.job }}-cargo - uses: actions/checkout@v3.5.3 - uses: msys2/setup-msys2@v2 with: msystem: MINGW64 update: true install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel mingw-w64-x86_64-libpcap # hack: install our own cbindgen system wide as we can't get the # preinstalled one to be picked up by configure - name: cbindgen run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen - uses: actions/checkout@v3.5.3 - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: prep path: prep - run: tar xf prep/libhtp.tar.gz - name: WinDivert run: | curl -sL -O https://github.com/basil00/Divert/releases/download/v1.4.3/WinDivert-1.4.3-A.zip unzip WinDivert-1.4.3-A.zip -d /windivert cp /windivert/WinDivert-1.4.3-A/x86_64/* /usr/lib/ # hack: place dlls in cwd cp /windivert/WinDivert-1.4.3-A/x86_64/*.dll . - name: Build run: | ./autogen.sh CFLAGS="-ggdb -Werror" ./configure --enable-gccprotect --disable-gccmarch-native --disable-shared --enable-windivert --with-windivert-include=/windivert/WinDivert-1.4.3-A/include --with-windivert-libraries=/windivert/WinDivert-1.4.3-A/x86_64 make -j3 - name: Run run: | # need cwd in path due to dlls (see above) PATH="$PATH:$(pwd)" ./src/suricata --build-info - run: make install