Snap for suricata

I am going to create a snap for Suricata.

name: suricata
base: core22
version: '6.0.5'
summary: Suricata is a tool
description: |
  Suricata is a high performance Network IDS, IPS and Network Security
  Monitoring engine. Open Source and owned by a community-run non-profit
  foundation, the Open Information Security Foundation (OISF). Suricata is
  developed by the OISF, its contributors and the Suricata community.
grade: stable
confinement: strict

apps:
  suricata:
    command: bin/suricata
    plugs:
      - network
      - network-bind

parts:
  suricata:
    source: .
    plugin: dump
    source-type: local
    organize:
      suricata: snap/local/suricata/

I am getting this error:

Generated snap metadata
Command '['snap', 'pack', '--filename', 'suricata_6.0.5_amd64.snap', '--compression', 'xz', PosixPath('/root/prime'), PosixPath('/root/project')]' returned non-zero exit status 1.
Failed to execute pack in instance.

Any idea what fields I need to add in the YAML file?


The path of suricata is probably not what you’ve given. Probably it’s just suricata. So, the command should be suricata. Also, you can shell into the environment by running snapcraft with --debug argument.


Who is this @Regan ?

I want to try to build Suricata from source along with its supporting libraries. Here is my tree structure:

|Suricata-snap
├── snap
│   └── local
│       ├── bin
│       │   └── suricata
│       ├── ld-linux-x86-64.so.2
│       ├── libcap.so.2
│       ├── libc.so.6
│       ├── libdbus-1.so.3
│       ├── libgcc_s.so.1
│       ├── libgcrypt.so.20
│       ├── libgpg-error.so.0
│       ├── libhtp.so.2
│       ├── libjansson.so.4
│       ├── liblz4.so.1
│       ├── liblzma.so.5
│       ├── libm.so.6
│       ├── libpcap.so.0.8
│       ├── libpcre2-8.so.0
│       ├── libsystemd.so.0
│       ├── libyaml-0.so.2
│       ├── libz.so.1
│       └── libzstd.so.1
├── snapcraft.yaml

Please guide me to modify the yaml

I am getting this error:

Generated snap metadata
Command '['snap', 'pack', '--filename', 'suricata_6.0.5_amd64.snap', '--compression', 'xz', PosixPath('/root/prime'), PosixPath('/root/project')]' returned non-zero exit status 1.
Failed to execute pack in instance

Is there any particular reason you are installing into snap/local (which is a very special location in snaps to ship special scripts you do not want executed directly)?

No special reason. Normally I just wanted to create a snap for Suricata, and try to install it and check the functionality like with apt install. But we faced errors creating it from source, so we moved to creating a snap from binaries. We are able to create a snap with just the binary and supporting libraries, but when we install it, it does not create the folders, YAML files and rule files. What do I need to add to my YAML file for that?

name: suricata
base: core22
version: '6.0.5'
summary: Suricata is a tool
description: |
  Suricata is a high performance Network IDS, IPS and Network Security
  Monitoring engine. Open Source and owned by a community-run non-profit
  foundation, the Open Information Security Foundation (OISF). Suricata is
  developed by the OISF, its contributors and the Suricata community.
grade: stable
confinement: strict

apps:
  suricata:
    command: suricata
    plugs:
      - network
      - network-bind

parts:
  suricata:
    source: /root/project/snap/local/bin/
    source-type: local
    organize:
      /root/project/snap/local/*: .
    plugin: dump

My tree structure is:

|Suricata-snap
├── snap
│   └── local
│       ├── bin
│       │   └── suricata
│       └── lib
│           ├── ld-linux-x86-64.so.2
│           ├── libcap.so.2
│           ├── libc.so.6
│           ├── libdbus-1.so.3
│           ├── libgcc_s.so.1
│           ├── libgcrypt.so.20
│           ├── libgpg-error.so.0
│           ├── libhtp.so.2
│           ├── libjansson.so.4
│           ├── liblz4.so.1
│           ├── liblzma.so.5
│           ├── libm.so.6
│           ├── libpcap.so.0.8
│           ├── libpcre2-8.so.0
│           ├── libsystemd.so.0
│           ├── libyaml-0.so.2
│           ├── libz.so.1
│           └── libzstd.so.1
├── snapcraft.yaml

Please drop the whole organize block. snap/ is a special dir holding package info metadata, hooks and hook scripts; no payload data should go into it. Just let snapcraft do its duty and you will be fine.

Your source: entry should likely just be:

    source: suricata

So that things in that dir move into the toplevel of your snap
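
The layout this reply describes, as an added example that is not part of the original thread. It assumes the prebuilt binary and libraries have been moved out of snap/local/ into a top-level suricata/ directory (a hypothetical layout), and the explicit LD_LIBRARY_PATH entry is likewise an assumption:

```yaml
# Assumed project layout (constructed for this example):
#   Suricata-snap/
#   ├── snapcraft.yaml
#   └── suricata/              <- payload lives outside snap/
#       ├── bin/suricata
#       └── lib/*.so.*
name: suricata
base: core22
version: '6.0.5'
summary: Suricata is a tool
description: |
  Suricata is a high performance Network IDS, IPS and Network Security
  Monitoring engine.
grade: stable
confinement: strict

apps:
  suricata:
    # Path is relative to the root of the installed snap ($SNAP).
    command: bin/suricata
    environment:
      # Assumption: point the loader at the bundled libraries in lib/.
      LD_LIBRARY_PATH: $SNAP/lib
    plugs:
      - network
      - network-bind

parts:
  suricata:
    plugin: dump
    # The dump plugin copies the contents of this directory to the top
    # level of the snap, so suricata/bin/suricata becomes bin/suricata.
    source: suricata
    source-type: local
    # No organize block: nothing is moved into snap/, which holds only
    # package metadata, hooks and hook scripts.
```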

this is unsupported and may cause unexpected behavior. If you must store
these files within the 'snap' directory, move them to 'snap/local'
which is ignored by snapcraft.
Failed to pull source: 'suricata' not found.
Make sure the source path is correct and accessible.
Failed to execute pack in instance.

Well, I was assuming you have a “suricata” dir in your project tree … where exactly does your source live before you add a snap/snapcraft.yaml to it, and what is the structure?

https://github.com/jasonish/suricata-snap/blob/master/snap/snapcraft.yaml#L21

They have a snapcraft.yaml file there that I have taken as a reference. What I understood from the link is that he is building from source. I tried downloading the source manually and running configure and make, and after that I used just the binaries and supporting libraries; that is also not working as expected.

If you build something outside of the snapcraft build process, it is essential that you use a similar environment matching the base: you picked and then also make sure to use a correct DESTDIR variable to install it into its own location, not on the host…

TBH, I’d just take the original snapcraft.yaml and update it to core22 (the original still uses core18 which corresponds to an 18.04 build environment) and bump all the necessary stage and build-package versions as well as moving to new snapcraft schemas … and then let snapcraft do the build

For the schema changes there is:

Yes, I have also used the core18 YAML and updated it to 22, but I am new to snap creation, so I do not have much idea of where to use which fields; it is confusing. Is there any documentation for creating local snaps and from GitHub? Any idea?

Just clone the git tree, move into the cloned directory and run snapcraft in there…

Then start changing bit by bit in the snapcraft.yaml and iterate over builds until you got everything up to date
